API Key Security Best Practices

Learn how to keep your API credentials safe and secure while using Trading Bot Trading Bot. Your security is our top priority.

🚨 Critical Security Reminder

Trading Bot will NEVER ask for your API keys or passwords.

If anyone claiming to be from Trading Bot requests your credentials, it's a scam. Report it immediately.

Mandatory IP: 107.189.19.87 - Always whitelist this IP for trading to work

Security Fundamentals

API Keys

Secure credentials that allow Trading Bot to trade on your behalf without accessing your funds

Permissions

Only trading permissions needed - never withdrawal or transfer capabilities

IP Whitelisting

Restrict API access to Trading Bot's servers only (107.189.19.87)

Detailed Security Guidelines

Creating Secure API Keys

CRITICAL

Best practices when generating API keys on your exchange

Do's

  • ✓Use descriptive names like "Trading Bot Trading Bot"
  • ✓Enable only required permissions (trading, not withdrawal)
  • ✓Set IP restrictions to 107.189.19.87 (mandatory)
  • ✓Enable 2FA verification during creation
  • ✓Save credentials immediately in a secure location

Don'ts

  • ✗Never enable withdrawal or transfer permissions
  • ✗Don't use generic names like "API Key 1"
  • ✗Don't skip IP whitelisting (trading will fail)
  • ✗Don't create API keys on public WiFi
  • ✗Don't leave API creation page open unattended

Storing API Credentials Safely

CRITICAL

How to securely store and manage your API keys

Do's

  • ✓Use a password manager for API key storage
  • ✓Store in encrypted files with strong passwords
  • ✓Keep backup copies in separate secure locations
  • ✓Use unique, strong passphrases for each exchange
  • ✓Regularly audit and rotate API keys

Don'ts

  • ✗Never store API keys in plain text files
  • ✗Don't save credentials in browsers or emails
  • ✗Don't share API keys via messaging apps
  • ✗Don't store on shared computers or cloud drives
  • ✗Don't write API keys on physical paper

Controlling API Access

HIGH

Managing who and what can access your trading APIs

Do's

  • ✓Use IP whitelisting on all exchanges that support it
  • ✓Regularly review API usage logs on exchanges
  • ✓Set up alerts for unusual API activity
  • ✓Use separate API keys for different applications
  • ✓Monitor trading activity daily

Don'ts

  • ✗Don't allow unrestricted IP access
  • ✗Don't ignore unusual trading patterns
  • ✗Don't share API keys between multiple services
  • ✗Don't forget to check exchange security notifications
  • ✗Don't use the same API key for testing and live trading

Monitoring & Alerting

HIGH

Staying informed about your API security status

Do's

  • ✓Enable email alerts for API key usage
  • ✓Check Trading Bot dashboard daily
  • ✓Review exchange account activity regularly
  • ✓Set up balance change notifications
  • ✓Monitor for failed login attempts on exchanges

Don'ts

  • ✗Don't ignore security alerts from exchanges
  • ✗Don't disable important notifications
  • ✗Don't assume everything is fine without checking
  • ✗Don't delay investigating suspicious activity
  • ✗Don't rely solely on automated monitoring

Common Security Threats

Phishing Attacks

Fake websites or emails trying to steal your API keys

Prevention:

  • •Always type exchange URLs manually
  • •Check for HTTPS and valid certificates
  • •Never click API-related links in emails
  • •Verify sender addresses carefully

Social Engineering

Attackers impersonating support staff to get your credentials

Prevention:

  • •Never share API keys with anyone claiming to be support
  • •Verify support requests through official channels
  • •Be suspicious of urgent requests for credentials
  • •Trading Bot support will never ask for your API keys

Unsecured Networks

Public WiFi and unsecured connections exposing your data

Prevention:

  • •Use VPN when on public networks
  • •Avoid API management on public WiFi
  • •Use mobile data for sensitive operations
  • •Ensure home network is properly secured

Security Checklist

Setup Security

Ongoing Security

If You Suspect a Security Breach

Immediate Actions:

  1. Stop all Trading Bot bots immediately
  2. Disable compromised API keys on exchanges
  3. Change exchange account passwords
  4. Review recent trading activity
  5. Contact Trading Bot support

Investigation Steps:

  1. Check exchange security logs
  2. Review API usage patterns
  3. Scan devices for malware
  4. Update all security credentials
  5. Document the incident

Related Security Topics

Understanding API Permissions

Learn what permissions are needed and why

How Your Funds Stay Safe

Our security architecture explained

Questions about API security?

Contact Security Team