BUY EUR/AUD Win BUY NZD/CHF Loss BUY US100 Win BUY EUSTX50 Loss BUY US30 Loss SELL EUR/CHF Win, TP 2 Touched. SELL NZD/CHF Win SELL USOIL Open SELL AUD/NZD Win SELL AUD/JPY Win BUY EUR/CHF Win BUY BTC/USD Win SELL GBP/USD Open BUY BTC/USD Win, TP 4 Touched. SELL AMZN Win, TP 4 Touched.
EA & Platform Connectors Advanced

WebRequest URL Whitelist

Also known as: allowed urls, webrequest permission, url whitelist, mt4 webrequest, allowed urls list, webrequest url list, allow webrequest

What is it?

A WebRequest URL whitelist is the explicit list of internet addresses that an Expert Advisor running inside MetaTrader 4 or 5 is allowed to contact through the platform's WebRequest() function. By default the platform blocks every outbound web call an EA tries to make, and it will only let a request through if its exact base address has been added by you under Tools, then Options, then Expert Advisors, in the Allow WebRequest field. Imagine you install a signal or connector EA that needs to pull trade instructions from a server such as https://api.signalbots.ai; until you type that address into the allowed list and click OK, the EA simply gets a blocked response and does nothing, even though the code itself is perfect.

The security gate
flowchart TD
    A["EA calls WebRequest()<br/>e.g. https://api.signalbots.ai"] --> B{"Exact base address<br/>in Allow WebRequest list?"}
    B -- "Not listed,<br/>or wrong scheme / path / port" --> C["❌ Request blocked<br/>EA looks dead, no signals"]
    B -- "Exact host match" --> D["✅ Request allowed<br/>EA reaches its endpoint"]
    C --> E["Add the exact host under<br/>Tools → Options → Expert Advisors"]
    E --> B
    classDef reject fill:#df2c5329,stroke:#df2c53,stroke-width:2.5px
    classDef accept fill:#3bb27329,stroke:#3bb273,stroke-width:2.5px
    class C reject
    class D accept
MetaTrader blocks every EA web call until you add the exact host to Allow WebRequest; only then do signals reach the terminal.
MetaTrader blocks every EA web call until you add the exact host to Allow WebRequest; only then do signals reach the terminal.

This is the single most common reason a freshly installed connector appears dead on first run. The whitelist is a deliberate security gate, not a bug or a malfunction: MetaTrader assumes any EA could in theory send your data anywhere on the internet, so it forces you to approve each destination by hand and refuses anything you have not explicitly named. The match is on the base domain, so you whitelist the host once and the EA can call any path beneath it.

The common pitfall is whitelisting the wrong form of the address, such as adding http when the endpoint is https, including a trailing path, or forgetting the port, after which the EA stays blocked and the user wrongly assumes the product is broken rather than the address simply being unapproved.

Why it matters: Without the endpoint whitelisted, a perfectly coded signal or connector EA is silently blocked and looks dead, so getting this one setting right is the difference between a working integration and a confusing failure.

Trade impact: High

An unwhitelisted endpoint blocks the EA entirely, so signals never arrive and no trades execute until the address is approved.

Real-world example

A trader installs a connector EA but sees no trades; the fix is adding https://api.signalbots.ai to Tools, Options, Expert Advisors, Allow WebRequest, after which the EA begins reaching its endpoint normally.

How SignalBots handles it

When you use the SignalBots MT4/MT5 Connector, whitelisting our endpoint is the one manual step that lets the EA receive signals; once approved, the connector talks to our servers with sub-10ms delivery so instructions reach your terminal without delay.

Pro tip

Copy the exact base address from your provider's setup page, paste it into the Allow WebRequest list with the correct http or https scheme and no trailing path, then restart the EA so it picks up the new permission.

Common pitfalls

Whitelisting the wrong scheme, an extra path, or a typo in the host, leaving the EA blocked while you assume the product itself is broken.

FAQs

Frequently asked questions

My EA does nothing on first run, is it broken?

Usually not. The most common cause is that its server address has not been added to the WebRequest whitelist yet, so MetaTrader is silently blocking every web call the EA tries to make.

Where do I add the allowed URL?

In MetaTrader, open Tools, then Options, then the Expert Advisors tab, tick Allow WebRequest for listed URL, and type the exact base address there before clicking OK.

Why does MetaTrader block URLs by default?

It is a deliberate security gate. Because any EA could in theory send data anywhere on the internet, the platform forces you to approve each destination by hand rather than allowing open access.

Do I whitelist the full path or just the domain?

Add the base address, such as https://api.example.com, including the correct http or https scheme. The match is on the host, so the EA can then call any path beneath that domain.

I added the URL but it still fails, what now?

Check for a wrong scheme, a trailing path, a missing port, or a typo, then restart the EA so it reloads the permission. A single character off will keep the request blocked.