You designed a strategy in Pine Script and want it to trade on its own. But TradingView doesn't execute orders at your broker directly (except for native integrations). The bridge is the webhook: the alert fires, sends a message to a server of yours, and that server executes the order via the broker's API. This guide builds that entire pipeline — and is honest about where it can fail.
01The end-to-end architecture
There are four links. Understanding the flow is essential before writing a line:
Prerequisite: the webhook feature in alerts requires a paid TradingView plan. The free plans don't send webhooks. And you need a server with a public URL (a VPS, or services like Render/Railway) to receive the POST.
02Step 1: the alert in TradingView
In your Pine Script, you use alert() with a JSON message (for the server to interpret). Then, when creating the alert in the interface, you paste your webhook URL into the "Webhook URL" field.
// in Pine Script — a structured JSON message if ta.crossover(fast_ma, slow_ma) alert('{"secret":"MY_SECRET","action":"BUY","asset":"BTCUSDT","qty":0.01}', alert.freq_once_per_bar_close)
The secret is vital — it's what stops anyone who discovers your URL from firing fake orders. We'll see the validation on the server.
03Step 2: the receiver server
A simple Python server with FastAPI that receives the webhook, validates the secret and processes it:
# server.py from fastapi import FastAPI, Request, HTTPException import os app = FastAPI() SECRET = os.getenv("WEBHOOK_SECRET") # never hardcode @app.post("/webhook") async def webhook(request: Request): data = await request.json() # 1. validate the secret — blocks fake requests if data.get("secret") != SECRET: raise HTTPException(status_code=403, detail="Unauthorized") # 2. interpret the signal action = data.get("action") asset = data.get("asset") qty = data.get("qty") # 3. execute at the broker (a function from your execution module) if action == "BUY": execute_buy(asset, qty) elif action == "SELL": execute_sell(asset, qty) return {"status": "ok", "action": action}
The execute_buy function uses the broker's API — exactly the code we showed in the Binance tutorial or the MT5 API. The webhook only replaces the part that "decides" — now Pine Script is what decides.
Security is mandatory, not optional: your webhook URL is public. Without secret validation, anyone who discovers the URL can fire orders on your account. Always use: (1) a secret in the message, (2) HTTPS, (3) ideally also validate TradingView's source IP. Treat this the way you'd treat your bank password.
04Step 3: where to host the server
The server needs a public URL and must be always on. Options:
- VPS (the same one as the bot) — full control, a fixed IP so you can filter. See our VPS guide.
- Deploy platforms (Render, Railway, Fly.io) — spin up the server quickly, with limited free tiers. Good for testing.
- Local tunnel (ngrok) — for testing only, temporarily exposes your local PC. Never for production.
Need a VPS to host it?
See how to choose and configure the VPS that will run your webhook server 24/7.
05Webhook vs. native integration
Before building this entire pipeline, consider the alternative: some brokers have a native integration with TradingView — you send the order straight from the chart, with no intermediary server. Pepperstone is an example. Compare:
- Webhook + server: flexible (works with any broker that has an API), but adds points of failure (server, latency, security) and requires maintenance.
- Native integration: simpler and more reliable (no server of yours in the middle), but limited to the brokers that offer it and to what the integration allows.
Recommendation: if your broker has native integration and it fits your strategy, prefer it — fewer things to break. The webhook shines when you need custom logic in the middle (e.g. your own risk management, multiple brokers) or when the broker only offers an API, not a TradingView integration.
06The honest risks of webhook automation
What can go wrong (and will, at some point): the server can go down and you lose the signal. The request can be lost on the network. There's latency between the alert and execution (seconds can matter). An alert can fire twice (a duplicate order). You need logs, idempotency (don't execute the same order twice) and monitoring. Webhook automation is powerful, but it's not "set it and forget it."
Practices that reduce the risk: log every request received and every order sent; implement idempotency (each alert has an ID, ignore repeats); have a "kill switch" (a way to shut everything off fast); and — always — test the whole pipeline on a demo account for weeks before any real money.
07Frequently asked questions
What is a TradingView webhook?
It's an HTTP request that TradingView sends automatically to a URL of yours when an alert fires. That request can trigger a server that executes orders at the broker, automating strategies built in Pine Script.
Do you need a paid TradingView plan?
Yes. The webhook feature in alerts requires a paid plan. The free ones don't allow sending webhooks. You also need a server with a public URL to receive them.
Is it safe to automate via webhook?
There are risks: the URL is public (it needs secret validation), the server can go down, there's latency, and alerts can duplicate. For time-sensitive strategies, native integration is more reliable. Always test on demo and use logs, idempotency and a kill switch.
What's the difference from native integration?
Native integration (e.g. Pepperstone) executes straight from the chart, with no server of yours — simpler and more reliable. Webhook is more flexible (any broker with an API, custom logic in the middle) but adds points of failure. Prefer native when it fits.
Can you use a webhook for futures?
Yes, as long as your broker has an accessible API. The receiver server would call the broker's API (or the MT5-Python bridge) to execute. The flow is the same; only the execution function at the end changes.