REST API

POST signals to your unique inbound URL. For Zapier, n8n, custom backends, or anywhere you can make an HTTPS request.

Endpoint

Every REST API source gets a unique URL containing your source auth key. POST your signal payload to this URL, no other authentication header is needed.

POST https://signalync.com/api/inbound/{sourceAuthKey}

http

Response codes

202Signal received and queued for processing.

400Body was received but could not be parsed as a valid signal.

401Source key in the URL is invalid or the source is inactive.

422JSON body was valid JSON but missing required signal fields.

429Monthly signal quota exceeded, see your plan limits.

Request shape

The REST API source accepts two body formats, plain text (the same comma-separated format used by TradingView) or JSON.

Plain text

EURUSD,buy,vol=0.1,sl_pips=50,tp_pips=100

text

Set Content-Type: text/plain.

JSON

{
  "symbol": "EURUSD",
  "action": "buy",
  "vol": 0.1,
  "sl_pips": 50,
  "tp_pips": 100
}

json

Set Content-Type: application/json.

See the full signal format reference for all supported fields.

Authentication

The sourceAuthKey embedded in the URL path is the only required credential. Copy it from the Source detail page in the dashboard.

Optional HMAC signing

If you set an HMAC secret on the Source, every request must include an X-Signature header. The value is sha256=<hex digest> where the digest is HMAC-SHA256 of the raw request body keyed with your secret. Requests without a valid signature are rejected with 401.

Zapier / n8n

Both platforms support custom HTTP headers. Set the secret in Signalync, then configure your automation tool to compute and attach the header before each POST.

Examples

cURL, market buy with SL/TP

curl -X POST https://signalync.com/api/inbound/YOUR_SOURCE_KEY \
  -H "Content-Type: application/json" \
  -d '{"symbol":"EURUSD","action":"buy","vol":0.1,"sl_pips":50,"tp_pips":100}'

bash

cURL, risk-based sizing with multi-TP

curl -X POST https://signalync.com/api/inbound/YOUR_SOURCE_KEY \
  -H "Content-Type: application/json" \
  -d '{
    "symbol": "XAUUSD",
    "action": "sell",
    "vol_pctbal_loss": 1,
    "sl_pips": 40,
    "tp1_pips": 40,
    "tp2_pips": 80,
    "tp3_pips": 120
  }'

bash

cURL, plain text format

curl -X POST https://signalync.com/api/inbound/YOUR_SOURCE_KEY \
  -H "Content-Type: text/plain" \
  -d "GBPUSD,sell,vol=0.5,sl_pips=30,tp_pips=60"

bash

With HMAC signature (bash)

BODY='{"symbol":"EURUSD","action":"buy","vol":0.1}'
SIG="sha256=$(echo -n "$BODY" | openssl dgst -sha256 -hmac "YOUR_SECRET" | awk '{print $2}')"

curl -X POST https://signalync.com/api/inbound/YOUR_SOURCE_KEY \
  -H "Content-Type: application/json" \
  -H "X-Signature: $SIG" \
  -d "$BODY"

bash

Troubleshooting

401 Unauthorized

The source key in the URL is wrong or the source has been deactivated. Re-copy the inbound URL from the Source detail page in Signalync.

422 Unprocessable Entity

The JSON body was valid but did not contain a recognisable signal. Make sure symbol and action fields are present. Check the signal format reference for the full field list and accepted values.

429 Too Many Requests

You have exceeded your monthly signal quota. Check your current usage on the Usage page or upgrade your plan, see plan limits.

HMAC signature rejected

The digest must be computed over the exact raw bytes sent as the body. Any re-serialisation (key reordering, whitespace changes) will produce a different digest. Compute the HMAC before any transformation and send the identical bytes.