Day 27: Public Portfolio API & Risk Alerting System

What I Built

  • Public Portfolio API with 5 endpoints (summary, equity history, trades, trade details, metrics)
  • Redis caching layer with TTL management for API performance
  • Rate limiting and CORS security
  • Data sanitization removing sensitive trading parameters
  • Real-time risk alerting system with Telegram and Email notifications
  • AlertManager with async callback system and multiple alerter implementations
  • Dashboard integration with AlertPanel and RiskMetricsPanel components
  • Comprehensive API testing suite with security validation

Code Highlight

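import logging
from contextlib import asynccontextmanager
from dataclasses import dataclass
from typing import Awaitable, Callable, List, Optional

logger = logging.getLogger(__name__)

# Excerpt: get_async_session_maker and AlertLevel are defined elsewhere in the project.

@asynccontextmanager
async def get_session():
    """Get async database session as context manager."""
    session_maker = get_async_session_maker()
    session = session_maker()
    try:
        yield session
    finally:
        # Always release the session, even if the caller raised.
        await session.close()

@dataclass
class Alert:
    level: AlertLevel
    title: str
    message: str
    timestamp: str
    metadata: Optional[dict] = None

class AlertManager:
    """Manage and dispatch trading alerts."""

    def __init__(self):
        self.callbacks: List[Callable[[Alert], Awaitable[None]]] = []
        self.alerts: List[Alert] = []

    async def send_alert(self, alert: Alert):
        """Send alert to all registered callbacks."""
        for callback in self.callbacks:
            if callback is not None:
                try:
                    await callback(alert)
                except Exception as e:
                    # One failing alerter must not stop delivery to the others.
                    logger.error("Alert callback failed: %s", e)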

Architecture Decision

The public portfolio API represents a critical balance between transparency and security. By exposing sanitized trading data (entry/exit prices, P&L, win rates) while removing sensitive parameters (position sizes, stop losses, strategy internals), I enable community trust-building without compromising competitive advantages. The Redis caching layer ensures API performance while rate limiting prevents scraping attacks.
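One way to implement the sanitization step described above, shown as an added example rather than code from this project. It copies an allowlist of public fields instead of deleting known-sensitive ones, so a column added to the trade table later stays private by default; all field names, the marker list and the sample record are assumptions.

```python
from typing import Any

# Allowlist of public fields (hypothetical names). None marks a scalar leaf;
# a nested dict is an allowlist for that sub-object.
PUBLIC_TRADE_FIELDS = {
    "id": None, "symbol": None, "status": None,
    "entry_price": None, "exit_price": None,
    "pnl_pct": None,  # percentage only: absolute P&L / (exit - entry) = size
    "ai_reasoning": {"summary": None},
}
# Substrings used by the secondary leak check (assumed naming convention).
SENSITIVE_MARKERS = ("size", "quantity", "stop_loss", "strategy", "leverage")


def sanitize(record: dict, allowed: dict) -> dict:
    """Copy only allowlisted keys, recursing where the allowlist is nested."""
    out = {}
    for key, sub in allowed.items():
        if key not in record:
            continue
        value = record[key]
        if sub is None:
            # Scalar leaf: drop containers so nested data cannot ride along.
            if not isinstance(value, (dict, list)):
                out[key] = value
        elif isinstance(value, dict):
            out[key] = sanitize(value, sub)
    return out


def leaked_keys(payload: Any, path: str = "") -> list:
    """Walk an outgoing payload and return paths of sensitive-looking keys."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f"{path}.{key}" if path else key
            if any(m in key.lower() for m in SENSITIVE_MARKERS):
                hits.append(here)
            hits.extend(leaked_keys(value, here))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            hits.extend(leaked_keys(item, f"{path}[{i}]"))
    return hits


# Constructed internal record, as it might come out of the database.
INTERNAL_TRADE = {
    "id": 42, "symbol": "BTC/USDT", "status": "closed",
    "entry_price": 100.0, "exit_price": 110.0, "pnl": 5.0, "pnl_pct": 10.0,
    "position_size": 0.5, "stop_loss": 95.0,
    "ai_reasoning": {"summary": "breakout", "strategy_params": {"lookback": 20}},
}
PUBLIC_TRADE = sanitize(INTERNAL_TRADE, PUBLIC_TRADE_FIELDS)
```

The example publishes P&L as a percentage because an absolute P&L next to entry and exit prices lets a reader recover position size by division. `leaked_keys` is meant as a test-suite or response-hook assertion on top of the allowlist, not a replacement for it.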

Testing Results

All 8 API tests pass, covering security validation, rate limiting, and data sanitization:

  • Portfolio summary endpoint returns sanitized metrics
  • Equity history API with proper date range validation
  • Paginated trades endpoint with status filtering
  • Individual trade detail with AI reasoning exposure
  • Rate limiting blocks requests exceeding thresholds
  • Data sanitization removes sensitive position sizing data
  • Alert system integration with Telegram/Email dispatch
  • Dashboard components render real-time risk metrics

Next Steps

Day 28: Frontend portfolio page implementation with real-time charts and trade history visualization.


Follow @therealkamba on X for regular updates.