MagicTradeBot
Download
Third-Party · Last updated: May 23, 2026

API Terms of Use

Rules governing the MagicTradeBot webhook endpoint, exchange API usage on your behalf, and the license validation API.

01

Scope & API overview

These API Terms of Use ("API Terms") govern all programmatic access to MagicTradeBot services, including:

API / endpoint Purpose Who uses it Auth method
Webhook endpoint Receive trading signals from TradingView Pine Script alerts and execute them on connected exchanges TradingView, custom signal sources Secret token in payload
Exchange REST APIs Order placement, position management, balance queries, market data — called by the bot on your behalf MagicTradeBot binary (your server) HMAC-SHA256 API keys
License validation API Periodic license status check — bot calls our hosted endpoint to verify active license MagicTradeBot binary (your server) License key

These terms supplement our Terms of Service and Third-Party Integrations Policy. In the event of conflict, the Terms of Service take precedence.

02

API access eligibility

  • Licensed users only. Access to paid API features (live trading execution, TradingView webhook integration) requires an active Pro or Elite license.
  • Free tier. Signal broadcasting and paper trading webhook reception are available on the Free tier.
  • Account in good standing. Accounts suspended for AUP or Terms of Service violations lose API access immediately and without notice.
  • One license, one user. API credentials are issued per account and may not be shared, resold, or transferred to another individual or organisation.
03

Webhook API — TradingView signal integration

The MagicTradeBot webhook endpoint allows you to route TradingView Pine Script alerts (and other signal sources) to your bot instance for automated execution.

  • Each bot instance generates a unique webhook URL containing a secret token — treat this URL as a password and never share it publicly
  • Webhook requests must include the correct secret token in the JSON payload — requests with invalid or missing tokens are rejected with HTTP 401
  • Webhook URLs should be rotated immediately if you suspect exposure. Generate a new token via your bot configuration file
  • The webhook endpoint only accepts connections over HTTPS — plain HTTP webhook requests are rejected

The webhook accepts JSON payloads. The minimum required fields are documented in the TradingView Integration documentation. Malformed or oversized payloads (greater than 4 KB) are rejected with HTTP 400.

i
The webhook runs on your self-hosted bot instance — the endpoint URL points to your own server, not MagicTradeBot infrastructure. You are responsible for securing the port, firewall, and TLS certificate on your server.
04

Exchange API usage

MagicTradeBot calls exchange APIs on your behalf using the credentials you provide in your configuration. The following rules govern this usage:

Permission Required Notes
Read — account balance & positions Yes Required for all trading modes
Trade — place & cancel orders Yes Required for live auto trading
Futures — perpetual contract access Conditional Required only for futures trading modes
Withdraw — transfer funds out Never enable MagicTradeBot never requires withdrawal permissions
Sub-account management No Not required for any MagicTradeBot feature

MagicTradeBot is engineered to respect the documented rate limits of each connected exchange. However:

  • You are ultimately responsible for ensuring your bot configuration — including symbol count, polling intervals, and DCA order frequency — does not result in rate limit violations on any exchange
  • Running multiple bot instances against the same API key multiplies request volume — use separate API keys per instance when deploying Redis fleet configurations
  • Exchange rate limit violations resulting in temporary API key bans are your responsibility — MagicTradeBot is not liable for losses during exchange-imposed ban periods
05

License validation API

The MagicTradeBot binary periodically contacts our hosted license validation endpoint to verify your license status. The following governs this behaviour:

  • Data sent. License key and a platform identifier — no personal data, trading data, or API keys are transmitted.
  • Frequency. Validation checks occur periodically in the background and do not affect bot performance.
  • Offline grace period. If the license validation endpoint is temporarily unreachable, the bot continues operating for a short grace period before restricting paid features.
  • Tampering prohibited. Intercepting, spoofing, or modifying license validation requests is a violation of these terms and the Intellectual Property Policy — affected accounts are terminated immediately.
06

Prohibited API uses

The following are strictly prohibited and will result in immediate revocation of API access and potential legal action:

Prohibited activity Consequence
Reverse engineering the API protocol or binary to extract endpoints, tokens, or internal logic Immediate termination + IP enforcement
Using API access to build a competing trading bot or service Immediate termination + legal action
Sharing webhook URLs or license keys with unauthorised users Account suspension + key revocation
Intentional rate limit abuse — flooding exchange APIs to cause disruption Account termination + exchange report
Intercepting or spoofing license validation requests Immediate termination + legal action
Using the API to facilitate market manipulation, wash trading, or prohibited exchange strategies Termination + referral to authorities
07

API credential security

  • Exchange API keys. Store exclusively in environment variables or encrypted secrets management solutions — never in plain text files, version control systems, or shared documents.
  • Webhook tokens. Treat your webhook URL as a secret credential — do not post it in public repositories, Discord servers, or support tickets.
  • License keys. Do not share your license key — it is tied to your account and a single user.
  • Rotation. If any credential is compromised or suspected of exposure, rotate it immediately. Exchange API keys can be regenerated in your exchange account. Webhook tokens can be regenerated in your config.yaml.
  • IP whitelisting. Restrict exchange API keys to your bot server's IP address wherever the exchange supports this feature.
!
MagicTradeBot staff will never ask for your API keys, webhook URL, or license key in any support communication. If you receive such a request, report it immediately to sales@magictradebot.com with subject PHISHING REPORT.
08

API liability & disclaimers

  • MagicTradeBot provides no guarantee of API uptime, latency, or order execution speed beyond the commitments in our Service Level Agreement
  • We are not liable for trading losses resulting from API latency, webhook delivery failures, exchange API outages, or misconfigured signal payloads
  • API behaviour may change between versions — always run the latest stable release and review release notes for breaking changes before upgrading
  • We reserve the right to modify, deprecate, or discontinue API endpoints with reasonable notice. Critical changes will be communicated via email and documentation at least 14 days in advance
09

Terms updates

These API Terms are reviewed periodically and updated when API capabilities, security requirements, or applicable law changes. When material changes are made:

  • The "Last Updated" date at the top of this page is updated
  • Registered users are notified via email for significant changes
  • Changes that break existing integrations are communicated at least 14 days before taking effect
10

Contact

For API-related questions, integration support, or to report misuse:

By using any MagicTradeBot API you confirm that you have read and agreed to these API Terms of Use.

Related: Third-Party Integrations TradingView Docs Security Policy Email API Team