Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.alterscope.org/llms.txt

Use this file to discover all available pages before exploring further.

You operate a stablecoin-heavy strategy and need to exit on the first credible signal that a peg is breaking. The risk-events feed delivers depeg starts as they happen, with peg health, deviation in basis points, and the underlying classification.

What you build

A signed webhook receiver that listens for peg.depeg.start and triggers your existing kill-switch.

1. Subscribe to the event

from alterscope import AlterscopeClient

client = AlterscopeClient(api_key="sk_live_...")

sub = client.webhooks.create(
    url="https://your.app/hooks/alterscope",
    events=["peg.depeg.start", "peg.depeg.end"],
)
# The signing secret is returned once on creation as sub.signing_secret — store it now.
print(sub.id)

2. Verify the signature

Every delivery sets Alterscope-Signature: t=<unix>,v1=<hex> (the v1 MAC is HMAC-SHA256 of <t>.<raw_body>). Recompute, compare v1 in constant time, and reject stale timestamps (~5 min) or anything that doesn’t match. A legacy X-Alterscope-Signature (raw-body hex) is dual-sent during the 60-day transition. 
import hmac, hashlib

def verify(secret: bytes, body: bytes, header: str) -> bool:
    parts = dict(p.split("=", 1) for p in header.split(","))
    expected = hmac.new(secret, f"{parts['t']}.".encode() + body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(parts["v1"], expected)

3. Sample payload

{
  "type": "peg.depeg.start",
  "data": {
    "asset_id": "0x6b17...USDC",
    "deviation_bps": 87,
    "peg_health_score": 31,
    "as_of_block": 22341123,
    "as_of": "2026-04-27T08:32:11Z",
    "classification": "credit_event_suspected"
  },
  "meta": { "_agentic": { "freshness": { "status": "fresh" } } }
}

4. Troubleshooting

  • Missed events: webhooks retry with exponential backoff for 24 hours, then DLQ. Use the replay recipe to recover.
  • Duplicate deliveries: receivers should be idempotent on data.as_of_block + asset_id.
  • Signature failures: confirm body is the raw bytes, not the JSON-decoded object.