🔐 API Key Security

How we secure your API Keys

We secure your API Keys with methods similar to those we use for your trading data, with a few changes to make them even more secure. Once again, we have avoided discussing certain methods that we use to keep your API Keys safe, in order to preserve their effectiveness.


Read-only Keys

All API Keys submitted to TradeStream have to be read-only. This means that the API Keys are only authorized to read data from your exchange accounts. They cannot be used to submit orders, transfer funds or withdraw money.

TradeStream's systems will automatically reject any keys that are not read-only. This is done for your safety.

In the worst-case scenario, even if a hacker gets access to your API Keys through TradeStream, they would not be able to steal your money or submit trades with them. The worst they would be able to do is download your trading history.


Encryption

Just as with your trading data, all API Keys are encrypted multiple times using AES256 encryption, although we use different encryption keys for API Keys and trading data.

Rotating encryption keys

Similarly to trading data, we regularly change the encryption keys used for API Keys and re-encrypt the API Keys with the fresh encryption keys.

For API Keys, however, we switch the encryption keys on a more frequent schedule to reduce the chance that anyone can crack your API Keys' encryption.


Decryption

Your API keys are only decrypted when they need to be used to sign requests to your exchange's API.

This means that until the API Keys need to be used they are always encrypted. As soon as they've been used they are re-encrypted to ensure their safety.

Additionally, only certain secured TradeStream servers possess the encryption keys used for API Keys.
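
The rotation and decrypt-on-use pattern described above can be sketched as follows. This is an added example, not TradeStream's code: the `KeyRing` class, its method names, the single-layer AES-256-GCM mode and the HMAC-SHA256 request signature are all assumptions made for illustration.

```ruby
require "openssl"

# Versioned AES-256-GCM key ring (hypothetical names, single encryption layer).
class KeyRing
  def initialize
    @keys, @current = {}, 0 # version => 32-byte AES-256 key
    rotate!
  end

  # Add a fresh key; older versions stay readable until retired.
  def rotate!
    @keys[@current += 1] = OpenSSL::Random.random_bytes(32)
    @current
  end

  def retire(version)
    !@keys.delete(version).nil?
  end

  # Encrypt under the newest key; the version is bound in as associated data.
  def seal(secret)
    c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    c.key = @keys.fetch(@current)
    iv = c.random_iv
    c.auth_data = [@current].pack("N")
    ct = c.update(secret) + c.final
    { ver: @current, iv: iv, tag: c.auth_tag, ct: ct }
  end

  # Decrypt with the key version the record names; raises on tampering.
  def unseal(rec)
    raise ArgumentError, "bad tag length" unless rec[:tag].bytesize == 16
    d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    d.key = @keys.fetch(rec[:ver]) # KeyError once that version is retired
    d.iv = rec[:iv]
    d.auth_tag = rec[:tag]
    d.auth_data = [rec[:ver]].pack("N")
    d.update(rec[:ct]) + d.final
  end

  # Re-encrypt a stored record under the current key after a rotation.
  def reseal(rec)
    seal(unseal(rec))
  end

  # Decrypt only for the duration of one HMAC-SHA256 request signature.
  def sign(rec, request)
    OpenSSL::HMAC.hexdigest("SHA256", unseal(rec), request)
  end
end
```

After `rotate!`, every stored record is passed through `reseal` and the old version is retired, at which point records still sealed under it can no longer be opened.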
