TradeSTream
  • Start Here
    • 🖥️TradeStream
      • 🏦Supported Exchanges
      • What Our Users Say
    • Sign Up
  • Free Premium Access
    • 🔑Unlocking your account
    • Free access for an existing account
      • Free Access | BloFin
      • Free Access | ByBit
      • Free Access | Hyperliquid
    • Free access for a new account
    • How do I know if I have Free Access?
  • Accounts
    • ➕Adding API Keys
      • Add a ByBit Account
      • Add a Binance Account
      • Add a Hyperliquid Account
      • Add a BitGet Account
      • Add a BloFin Account
      • Add a WOOX Account
    • Account Manager
    • Resync an account
    • Deleting an API Key or your account
  • Pages
    • Home Page
    • General Analytics
    • Dashboard
    • 📅Calendar
  • 📊Reports
    • Symbols Report
    • Tags Report
    • PnL Curve Report
  • 📒Journal
    • 📒Journal page
    • Trade Details
      • Price Chart
      • Statistics
      • Notes
      • Tags & Tag Manager
      • Images
      • Stoploss & Targets
  • General
    • Timezone and Time format
    • Filtering
    • 🔼Permanent Filters
    • Breakeven Filter
  • Misc
    • Brand Kit
    • 🔒Security & Privacy
    • 🔐API Key Security
    • 📜Terms of Service
    • 📩Contact Us
Powered by GitBook
On this page
  • Read-only Keys
  • Encryption
  • Rotating encryption keys
  • Decryption
  1. Misc

API Key Security

How we secure your API Keys

We employ similar methods to secure your API Keys as we use to secure your trading data but with a few changes to make it even more secure. Once again, in order to preserve the security of your API Keys we have avoided discussing certain methods that we use to ensure your API Keys safety in order to preserve their efficiency.

Read-only Keys

All API Keys submitted to TradeStream have to be read-only. This means that the API Keys are only authorized to read data from your exchange accounts. They cannot be used to submit orders, transfer funds or withdraw money.

TradeStream's systems will automatically reject any keys that are not read-only. This is done for your safety.

In the worst case scenario: Even if a hacker gets access to your API Keys through TradeStream they would not be able to steal your money or submit trades with them. The worst they would be able to do is download your trading history.

Encryption

Just as with your trading data all API Keys are encrypted multiple times using AES256 encryption. Although we use different encryption keys for API Keys and trading data.

Rotating encryption keys

Similarly to trading data we regularily change the encryption keys used for API Keys and with that re-encrypt API Keys with the fresh encryption keys.

But for API Keys we switch the encryption keys on a more frequent schedule in order to ensure less of a chance that anyone can crack your API Keys encryption.

Decryption

Your API keys are only decrypted when they need to be used to sign requests to your exchange's API.

This means that until the API Keys need to be used they are always encrypted. As soon as they've been used they are re-encrypted to ensure their safety.

Additionally, only certain secured TradeStream servers possess the encryption keys used for API Keys.

PreviousSecurity & PrivacyNextTerms of Service

Last updated 9 months ago

🔐