# API Key Security We employ similar methods to secure your API Keys as we use to secure your trading data but with a few changes to make it even more secure.\ \ Once again, in order to preserve the security of your API Keys we have avoided discussing certain methods that we use to ensure your API Keys safety in order to preserve their efficiency. *** ## Read-only Keys All API Keys submitted to TradeStream have to be read-only. This means that the API Keys are only authorized to read data from your exchange accounts. They cannot be used to submit orders, transfer funds or withdraw money. {% hint style="warning" %} TradeStream's systems will automatically reject any keys that are not read-only. This is done for your safety. {% endhint %} **In the worst case scenario:** Even if a hacker gets access to your API Keys through TradeStream they would not be able to steal your money or submit trades with them. The worst they would be able to do is download your trading history. *** ## Encryption Just as with your trading data all API Keys are encrypted multiple times using AES256 encryption. Although we use different encryption keys for API Keys and trading data. ### Rotating encryption keys Similarly to trading data we regularily change the encryption keys used for API Keys and with that re-encrypt API Keys with the fresh encryption keys. But for API Keys we switch the encryption keys on a more frequent schedule in order to ensure less of a chance that anyone can crack your API Keys encryption. *** ## Decryption Your API keys are only decrypted when they need to be used to sign requests to your exchange's API. This means that until the API Keys need to be used they are always encrypted. As soon as they've been used they are re-encrypted to ensure their safety. Additionally, only certain secured TradeStream servers possess the encryption keys used for API Keys. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.tradestream.xyz/misc/api-key-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.