TPSL API Routes
Take-profit / stop-loss triggers live in two places depending on context:
| Surface | Used by | Base URL |
|---|---|---|
Insiders backend (/api/tpsl) | Direct user trades via the app | https://api.polyinsiders.com/api/tpsl |
Trading Tools v2 control-api (:9110/triggers) | Copy-trade-attached TP/SL | Internal — proxied via backend |
🔒 = requires user JWT. The control-api /triggers surface is accessed via the backend proxy, not directly from the frontend.
Insiders Backend · /api/tpsl
Codebase: polyinsiders-backend-v1/src/routes/tpsl.routes.ts
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /triggers | 🔒 | Create a TP/SL trigger on a position |
| GET | /triggers | 🔒 | List all user's active triggers |
| GET | /triggers/:id | 🔒 | Get a specific trigger |
| PATCH | /triggers/:id | 🔒 | Update trigger (price, size, type) |
| DELETE | /triggers/:id | 🔒 | Cancel / delete a trigger |
Trigger object shape
{
id: string
walletAddress: string
conditionId: string // Polymarket condition
side: "buy" | "sell"
triggerType: "take_profit" | "stop_loss"
triggerPrice: number // 0–1 (outcome price)
size: number // USDC amount
status: "pending" | "triggered" | "cancelled" | "failed"
createdAt: string // ISO timestamp
}Trading Tools v2 · control-api :9110/triggers
Codebase: /opt/tradingtools-v2/apps/control-api/src/index.ts
Spec: /opt/tradingtools-v2/docs/tpsl_control_api_v1.md
This surface is GUARD's TPSL — it handles TP/SL specifically for copy-trade positions managed by the executor engine. Not for standalone user trades. All calls go through the backend proxy: Insiders API → control-api :9110.
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /triggers | Bearer token | Create TP/SL on a copy position |
| GET | /triggers | Bearer token | List triggers (?wallet=0x…) |
| GET | /triggers/:id | Bearer token | Get single trigger |
| PATCH | /triggers/:id | Bearer token | Modify trigger |
| DELETE | /triggers/:id | Bearer token | Cancel trigger |
Auth model
Authorization: Bearer <CONTROL_API_TOKEN>Token is a shared server-side secret — never sent to the browser. The backend holds it and proxies on behalf of the user.
Trigger request shape (control-api)
{
follower: {
followerUserId: string
followerWalletId: string
followerProxy: string // 0x… proxy address
}
conditionId: string
takeProfitPct?: number // e.g. 25 = exit at +25%
stopLossPct?: number // e.g. 15 = exit at -15%
trailingPct?: number // trailing stop %
}Mutations return bare {"success": true}. Re-GET to read updated state.