Skip to content
Robot de trading
Interface web

Interface web

La traduction française de cette page est en cours.


OctoBot comes with a web interface allowing you to:

  • Follow OctoBot’s status and moves
  • Interact with OctoBot
  • Configure OctoBot and the Trading Modes to use
  • Use Backtesting to optimize your strategies


web config

  • port is the port you want the web interface to be accessible from. Changing it allows you to have multiple OctoBots running on the same computer.
  • auto open in web browser is whether starting your OctoBot should open a new tab on your browser to display the web interface
  • requires password is whether the web interface of your OctoBot should be protected by a password

Protéger votre interface web

Utiliser mot de passe

You can set a password to protect your web interface. This way you can secure the access to your OctoBot when hosting it on a cloud or just add a security layer to your setup.

By default no password is required.

You can activate the password authentication from the web interface configuration, it is also where you can set and change your password.

Any IP will be automatically blocked after 10 authentication failures in a row. IPs will remain blocked until your OctoBot restarts. If you accidentally block your IP, you can just restart your OctoBot.

Comment le mettre en place ?

  • Go to “Accounts” page
  • Select “Interfaces” on the left menu
  • Click on ”********” next to “Password: “
  • Override the ”****” with your password
  • Click on validate
  • Click on “SAVE AND RESTART” red button on the left menu

Mot de passe oublié

If you forgot your password, go to your user/config.json file and change:

"require-password": true,


"require-password": false,

Then restart your OctoBot. This way you will be able to access your OctoBot without a password and then change it.

À propos de l’authentification par interface web

  • OctoBot’s web interface authentication works on the assumption that you are the only person being able to access your OctoBot’s file system and the associated processes. This authentication can be deactivated by anyone being able to edit your user/config.json and restart your OctoBot process.
  • Only a SHA256 hash of your password will be stored in you user/config.json file. This is making it impossible to go back to the original password you entered.

Bloquer les requests provenant d’autres sites (CSRF)

You can set the CORS_ALLOWED_ORIGINS environment variable before starting your OctoBot, this way only requests from the specified origin(s) will be answered to.


  • CORS_ALLOWED_ORIGINS=http://localhost:5001

Requests from other origins will be refused with a 400 error and the web interface will behave as if OctoBot was constantly disconnected.

By default, no request filter is set (equivalent to CORS_ALLOWED_ORIGINS=*) which might make your bot vulnerable to Cross Site Request Forgery attacks.

Configuration avec user/config.json

Add in user/config.json in the services key :

"web": {
    "auto-open-in-web-browser": false,
    "ip": "",
    "password": "",
    "port": 5001,
    "require-password": false

You can also change the IP your web interface is binding to from user/config.json.


"services": {
   "a service": {
   "web": {
        "auto-open-in-web-browser": false,
        "ip": "",
        "password": "",
        "port": 5001,
        "require-password": false
   "another service": {