Incorrectly configured API keys can lead to the loss of all funds at an exchange. Please pay attention to the following points and handle API keys very carefully, just like your passwords.
- When creating a new API key, always assign only the permissions that are required (see above)
- CoinTracking only requires keys with read-only permission
- Make sure that your keys have no trade or withdrawal permissions
- Use an API key only with a single service (like CoinTracking). Using one key for multiple services will always result in errors.
- All API secrets stored at CoinTracking are encrypted and cannot be viewed or decrypted by our employees. We will never ask you for keys with permissions other than 'read-only'.
- Some exchanges allow whitelisting of IPs. This increases the security of your key. You can find IPs used by CoinTracking here.
- Check your key permission and change your keys from time to time just like your passwords
- Do not write down API keys and secrets locally on your computer or in the cloud
- If your browser automatically saves form data and passwords, make sure that your API secrets are not stored
- Never share your keys with services you don't trust
- A few exchanges do not have any API permissions and each key has full access. Avoid such insecure exchanges and switch to trustworthy exchanges.