I’m tinkering with AI just for fun to build a small trading bot. The idea is that a custom strategy or algorithm runs in TradingView (a charting software) and generates signals. These signals would then be sent via webhook to the bot, which checks if everything is in order and executes an order on the crypto exchange. I already have some thoughts on the TradingView algo, but right now, I’m mainly focused on the concept and security behind it.

Security features I’m considering: • IP Whitelist: Only specific pre-approved IPs would be allowed to send requests. • HMAC Signature Verification: Each signal would be signed with a secret key to prevent unauthorized trades. • Rate-Limiting: A maximum of 10 requests per minute to prevent spam or DDoS attacks. • Duplicate Protection: Processed signals would be stored to ensure no duplicates are executed. • Validations: Symbols, amounts, and account balance would be checked before placing an order. • Circuit Breaker: If too many errors occur (e.g., API issues), trading would automatically stop. • Shutdown Protection: The server could only be shut down with a secret token.

For now, I’m thinking of using Flask for the backend, with a few threads for asynchronous tasks, and ccxt as the exchange interface.

Since this is one of my first projects, what else should I consider? I’d appreciate any feedback or suggestion.