🔌 API Endpoint Directory
This directory provides the complete HTTP REST API specification for all public and internal endpoints exposed across the Hoox edge microservices stack.
🔒 Security & Authorization Headers
All internal calls between workers (via V8 Service Bindings) must provide the standard internal authentication header:
X-Internal-Auth-Key: <INTERNAL_KEY_BINDING>Public webhook and dashboard endpoints use cookie authorization or custom API keys:
- Webhook Ingestion: Authenticated using the
apiKeyproperty inside the JSON payload. - Telegram webhook: Authenticated via the secure token path:
/telegram/<TELEGRAM_WEBHOOK_SECRET>.
🚀 Ingress Webhook Endpoints (workers/hoox)
The public gateway acts as the primary firewall and entry entryway for all external trade signals.
A. Ingest Signal Webhook
Receives TradingView alerts or automated cURL signals.
- Path:
/webhook - Method:
POST - JSON Payload:
{ "apiKey": "secure_webhook_key_18305", "exchange": "bybit", "action": "LONG", "symbol": "BTCUSDT", "quantity": 0.002, "leverage": 10, "idempotencyKey": "uuid-9b1deb4d-3b7d" } - Success Response (200 OK):
{ "success": true, "requestId": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d", "exchange": "bybit", "symbol": "BTCUSDT", "action": "LONG", "result": { "orderId": "18049284739", "status": "Filled", "price": 68425.5 } }
B. Proactive Health Diagnostics
- Path:
/health - Method:
GET - Success Response (200 OK):
{ "status": "ok", "timestamp": 1779261050000, "bindings": { "d1": "connected", "kv": "connected", "queue": "active" } }
🗄️ Database Service Endpoints (workers/d1-worker)
The d1-worker serves as a private, internal SQL proxy database.
A. Execute Single SQL Statement
- Path:
/query - Method:
POST - JSON Payload:
{ "requestId": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d", "query": "SELECT * FROM trades WHERE symbol = ? LIMIT ?", "params": ["BTCUSDT", 5] } - Success Response (200 OK):
{ "success": true, "results": [{ "id": "trade-1", "symbol": "BTCUSDT", "price": 68400 }], "meta": { "rows_read": 1, "duration": 3.5 } }
B. Execute Transactional Batch Statements
- Path:
/batch - Method:
POST - JSON Payload:
{ "requestId": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d", "queries": [ { "query": "INSERT INTO trades (id, symbol) VALUES (?, ?)", "params": ["t-1", "ETHUSDT"] }, { "query": "UPDATE positions SET size = size + 0.05 WHERE symbol = 'ETHUSDT'", "params": [] } ] } - Success Response (200 OK):
{ "success": true, "results": [{ "meta": { "changes": 1 } }, { "meta": { "changes": 1 } }] }
🧠 AI Risk & Chat Endpoints (workers/agent-worker)
Bridges background risk audits and multi-provider AI chat streams.
A. Conversational Chat Stream (Server-Sent Events)
- Path:
/agent/chat - Method:
POST - Headers:
Accept: text/event-stream - JSON Payload:
{ "prompt": "Summarize my trade history and average win rate today.", "stream": true, "provider": "anthropic" } - Success Response: Emits standard text/event-stream updates, terminating with
data: [DONE].
B. Multimodal AI Vision Audit
- Path:
/agent/vision - Method:
POST - JSON Payload:
{ "imageBase64": "iVBORw0KGgoAAAANSUhEUgAA...", "prompt": "Evaluate this trading chart image for support and resistance levels." } - Success Response (200 OK):
{ "success": true, "analysis": "Based on the provided chart screenshot, there is strong horizontal support at $67,200..." }
🔗 Next Steps
- Request Payload Schemas — Analyze the complete JSON request schemas and type rules.
- Standard Response Schemas — Check error factories and normal JSON envelopes.