To send a webhook to cTrader, POST your JSON alert to a unique PipSync webhook URL: PipSync validates the payload against your server-side risk rules and places the order on your cTrader account through Spotware's official Open API — no cBot to write, no VPS to run.
Risk warning: CFDs are complex instruments with a high risk of losing money rapidly due to leverage. 70–80% of retail investor accounts lose money when trading CFDs. Risk disclosure · Past performance.
This route is built for developers who already have a system that produces trade decisions — a scanner, a Python bot, an internal alerting service — and want cTrader execution without registering their own Open API application or maintaining a C# cBot. Anything that can make an HTTP POST becomes the signal source; PipSync handles authentication, symbol mapping, risk checks and order submission, and can push signed execution events back to your own endpoint.
The PipSync side is dashboard configuration; your side is one HTTP POST from whatever language your system is written in.
Sign up at app.pipsync.io. No credit card is required, and the free plan is enough to wire this route up and test it end-to-end from curl before you commit to anything.
Add a broker account in the dashboard and choose cTrader. Authorization happens through your cTrader ID against Spotware's official Open API — you grant access once, then select which trading account this route executes on. Point it at a demo account while you integrate.
Add a webhook source in the dashboard. PipSync generates a unique URL containing a secret token — that URL is the credential your system will use, so store it like any other secret and regenerate it from the Sources page if it is ever exposed.
From your own code or curl, POST a JSON body to the URL. The minimum is an action ("buy", "sell" or "close") and a symbol named exactly as your cTrader broker lists it; price, sl, tp and lots are optional and fall back to your configured risk rules.
If your system needs confirmations, register your own endpoint under Settings → Webhooks. PipSync POSTs signed events such as trade.opened and trade.closed to it — verify the X-PipSync-Signature header before trusting any payload.
Fire a sample payload from curl at the demo route and check the dashboard: it shows the parsed payload and whether the broker accepted the order. Run real alerts on the demo account — with Manual Approval on if you want to confirm each trade — before pointing the route at your live account.
Typical setup time: about 12 minutes.
No. cTrader has no inbound HTTP endpoint a third-party system could call. The official integration path is Spotware's Open API, which expects you to build and host an authorized application: OAuth flows, persistent connections, symbol metadata, order lifecycle handling. The alternative — a cBot written in C# inside cTrader Automate — only runs while a terminal is open.
PipSync sits between your system and the Open API as a hosted endpoint. Your code makes a plain HTTP POST; PipSync authenticates against Spotware on your behalf, applies your server-side risk rules, and submits the order. You write no cBot, register no Open API application, and run no infrastructure of your own.
A small, flat JSON object. Two fields are required — an action and a symbol — and everything else is optional, falling back to the risk rules you configured for the route. Because your own system produces the payload, parsing is deterministic: there is no free-text interpretation involved, unlike Telegram routes where an AI parser reads human-written messages.
The one detail that trips developers up is symbol naming. The payload's symbol must match your cTrader broker's instrument name exactly as it appears in the broker's symbol list — brokers can use their own naming or suffixes for the same market. A test POST against a demo account shows you the parsed payload in the dashboard and whether the broker accepted the order — the fastest way to verify a mapping.
Through outbound webhooks. Register your endpoint under Settings → Webhooks and PipSync POSTs a signed JSON payload for events like signal.received, trade.opened, trade.closed, trade.tp_hit and trade.sl_hit. Delivery is attempted up to 5 times with exponential backoff, so a brief outage on your side does not lose events.
Every delivery carries an X-PipSync-Signature header in the form t=<unix-ts>,v1=<hex-hmac-sha256>. Verify the HMAC with your webhook secret using a constant-time comparison, and reject payloads whose timestamp is more than 5 minutes old to prevent replay attacks.
For pull-based access there is also a REST read API — GET /v1/signals and GET /v1/trades with pagination, RFC 7807 error responses and an OpenAPI 3.1 spec at /api/v1/openapi.json for generating typed clients. API keys for it are available on the Enterprise plan; the inbound webhook source and outbound event webhooks do not require it.
Inbound webhook delivery is rate-limited per plan: 10 per minute on Basic, 60 on Pro with a short burst window, 200 on Business, and custom limits on Enterprise. For most alert systems that is ample headroom — if your system can emit faster than its plan allows, batch or debounce on your side rather than retrying blindly.
Security is layered. The webhook URL contains a secret token, so possession of the URL is the credential — treat it like a password and regenerate it if exposed. Behind that, your server-side risk rules are the hard floor: sizing limits, SL/TP handling, max open trades and symbol filters run before any order reaches your broker, so even a buggy upstream system cannot exceed the guardrails you set. Manual Approval mode adds a human confirmation step per trade if you want one.
You can absolutely integrate with Spotware's Open API directly — it is well documented. What you take on is the operational side: registering and maintaining an authorized application, OAuth token handling, connection management and reconnects, broker symbol metadata, order lifecycle states and error handling, plus hosting all of it somewhere that never sleeps. That is real engineering work for what is often a single POST-to-order pipeline.
Routing through PipSync collapses that to one HTTP request, and it keeps your risk layer in one place: the same server-side rules apply whether a signal arrives from your webhook, a TradingView alert or a Telegram channel. It also makes the destination swappable — the same payload contract can execute on MT4, MT5, Match-Trader, Binance Futures or Bybit, so adding a second platform later is configuration, not code.
Connect a signal source and a broker account, watch PipSync parse and route in real time, and upgrade only if you need more. No credit card required to start.
Risk warning: CFDs are complex instruments with a high risk of losing money rapidly due to leverage. 70–80% of retail investor accounts lose money when trading CFDs. Risk disclosure · Past performance.
Written by the PipSync team · Reviewed by Tobias Russmann, Director, PipSync · Published · Last updated
PipSync is a cloud-based signal automation platform that routes trading signals from Telegram, Discord, TradingView alerts and custom webhooks to broker accounts on MetaTrader 4, MetaTrader 5, cTrader, Match-Trader, Binance Futures and Bybit — with server-side risk management and no VPS required. PipSync is an execution tool, not a signal provider and not investment advice.
PipSync is a signal execution tool. It does not provide trading signals, does not guarantee any trading results and is not investment advice. Trading leveraged products involves substantial risk of loss. See the full risk disclosure and performance disclaimer.