Webhook alerts to Discord, Telegram or Slack
Send any Chartping alert to a webhook you control — Discord, Telegram, Slack or your own backend — signed with HMAC-SHA256 and retried on failure.
Beyond push, SMS and a voice call, Chartping can POST any alarm to a webhook URL you control — a Discord, Telegram or Slack incoming webhook, or your own backend — signed with HMAC-SHA256 and retried on failure. It’s the escape hatch that routes alerts into whatever you already use.
What a webhook is
A webhook is just a URL that receives an HTTP POST when something happens. You paste the URL (from Discord/Telegram/Slack or your own service), and when an alert fires, Chartping sends it there as a small JSON payload. You choose which severities route to which channel, and quiet hours apply — except critical alerts, which are never suppressed.
Signed, so you can trust it
Every request carries an X-Chartping-Signature header formatted t=unix,v1=hex. The v1 value is an HMAC-SHA256 — with a secret you share — over the string timestamp.delivery-id.raw-body, where the delivery id arrives in a companion X-Chartping-Delivery header. Your endpoint rebuilds that string, recomputes the HMAC, checks the timestamp is recent (a short window blocks replays), and compares in constant time. Match, and it’s genuinely from Chartping and untampered; no match, drop it — so no one can spoof alerts to your backend.
Retried on failure
If your endpoint is briefly down or slow, Chartping retries rather than dropping the alert on the floor — best-effort delivery, but it doesn’t give up on the first hiccup.
Your own EA can use it too
The same pipe is open to developers: a read-only MQL SDK lets any Expert Advisor or indicator emit a log or alarm in one line, which can POST to a signed webhook. See the EA developer SDK and everything Chartping watches. It only ever reads and reports — it never places a trade, and alerts are best-effort.
Frequently asked
Which platforms can I send alerts to?
Any that accept an incoming webhook — Discord, Telegram, Slack — or your own backend at any URL you control. You choose which severities go to which channel.
How do I know a webhook really came from Chartping?
Each request carries an X-Chartping-Signature header formatted t=unix,v1=hex. The v1 value is HMAC-SHA256, with your shared secret, over the string timestamp.delivery-id.raw-body — the delivery id arrives in a companion X-Chartping-Delivery header. Rebuild that string, recompute the HMAC, check the timestamp is recent (about a five-minute window blocks replays), and compare in constant time; if it doesn’t match, drop the request.
Can my own EA send alerts through this?
Yes. A read-only MQL SDK lets any Expert Advisor or indicator emit a log or alarm in one line, which can POST to the same signed webhooks. It never sends an order.