Updated Apr 10, 2026

Signal authentication

Lock your webhook with a secret so only your alerts reach your accounts.

Why authenticate?

TransisTrade webhook URLs are unguessable, but long-lived. If an alert payload leaks — for example in a shared TradingView strategy — anyone could replay trades into your account. A secret key closes that gap.

Always authenticate live accounts
Paper accounts can skip this during testing, but any connection running in Live mode should require a secret.

The secret key

Every TransisTrade workspace has a secret key that looks like:

tt_sk_live_c7a02c4b9f91a84f7d12

Find it under Bridge → Modifier → Signal authentication. It's revealed once, copyable from the UI, and can be rotated in one click.

Including it in alerts

Add a secret field to your TradingView alert payload:

```json
{
  "secret": "tt_sk_live_c7a02c4b9f91a84f7d12",
  "symbol": "{{ticker}}",
  "side": "{{strategy.order.action}}",
  "qty": {{strategy.position_size}}
}
```

Any payload missing the secret, or with a mismatched secret, is rejected at the edge and never reaches your broker. Rejections appear in Bridge → Logs with status Rejected.

Rotating your secret

Rotate whenever you suspect exposure or on a scheduled cadence (quarterly is a healthy default). Rotation requires updating every TradingView alert that uses TransisTrade.

  1. In the portal, open Bridge → Modifier.
  2. Click Rotate. The old key stays valid for a 10-minute grace window.
  3. Update your TradingView alert payloads with the new key before the grace window expires.

Advanced: HMAC signing

For programmatic sources (your own strategy runners, CI pipelines, bots), TransisTrade also accepts HMAC-signed requests using the header:

```http
X-Transis-Signature: t=<unix>,v1=<hmac_sha256(body, secret)>
```

The signature must be computed over the raw request body and the signing timestamp. Requests with a timestamp older than five minutes are rejected as stale.
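A signer and a matching verifier for this header, as an added example that is not TransisTrade's own code; it also shows why signing one serialization and sending another fails. Assumptions, since the page does not specify them: the signed message is the timestamp, a `.`, then the raw body; the digest is hex-encoded; the `ok` and `stale` return values and all function names are illustrative.

```python
import hashlib
import hmac
import json
import time

MAX_AGE_SECONDS = 5 * 60  # page: timestamps older than five minutes are stale


def _mac(secret, timestamp, raw_body):
    # ASSUMPTION: signed message is b"<unix>." + raw body, digest hex-encoded.
    message = str(timestamp).encode() + b"." + raw_body
    return hmac.new(secret.encode(), message, hashlib.sha256).hexdigest()


def sign(secret, raw_body, now=None):
    """Build the X-Transis-Signature value for the exact bytes being sent."""
    t = int(time.time()) if now is None else now
    return f"t={t},v1={_mac(secret, t, raw_body)}"


def verify(secret, header, raw_body, now=None):
    """Return "ok", "stale" or "invalid_signature" for a received request."""
    now = int(time.time()) if now is None else now
    try:
        fields = dict(part.split("=", 1) for part in header.split(","))
        t, v1 = int(fields["t"]), fields["v1"]
    except (KeyError, ValueError):
        return "invalid_signature"  # malformed header
    if now - t > MAX_AGE_SECONDS:
        return "stale"
    # Constant-time comparison: do not leak how many characters matched.
    expected = _mac(secret, t, raw_body)
    if not hmac.compare_digest(expected.encode(), v1.encode()):
        return "invalid_signature"
    return "ok"


if __name__ == "__main__":
    secret = "constructed-example-secret"  # constructed, not a real key
    payload = {"symbol": "AAPL", "side": "buy", "qty": 10}  # constructed
    # Serialize once, sign those bytes, and send those same bytes.
    body = json.dumps(payload, separators=(",", ":")).encode()
    header = sign(secret, body, now=1_700_000_000)
    print(verify(secret, header, body, now=1_700_000_060))
    pretty = json.dumps(payload, indent=2).encode()  # re-serialized body
    print(verify(secret, header, pretty, now=1_700_000_060))
    print(verify(secret, header, body, now=1_700_000_400))  # 400 s later
```
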

Troubleshooting

| Symptom | Likely cause |
| --- | --- |
| All signals rejected after rotation | TradingView alert still uses the old secret |
| Intermittent rejects | Mixed alerts — some pointing to old vs new secret |
| invalid_signature on HMAC | Signing over a pretty-printed body instead of raw bytes |