API trading brings convenience and efficiency to our trading strategy. However, different risks come with it as well.
In the crypto world, it’s essential to learn about the risks before stepping into trading.
There are a few pieces of advice in this article that will show you how to better protect your assets when using API trading.
1. Never share your API key and secret
API key and secret are indispensable information when using API trading. Anyone who has these two pieces of information will gain full access to what you choose to grant when creating the API key.
Make sure you are the only person who knows your API key and secret.
We recommended storing the information locally and best if offline.
2. Don’t store your API key in your code.
Putting the API key and secret in the source code may sound like a convenient choice. However, by doing so the risks of exposing your key and secret increased significantly. Please store your key and secret offline or written on paper, or use some KMS(key management service) service solution to protect your keys.
3. Generate a new key if you suspect a breach
If you think your API credentials have been compromised, you can change your API key and secret by simply deleting the old one and creating a new one.
4. Be very careful when you are linking your API to any third-party services.
There are plenty of companies that provide API trading services connected to exchanges. Be extremely careful about the legitimacy of the third-party API trading service provider, and be aware of scams, even a clon website. Never use unknown links to log in to those websites.
5. Bind trusted IP addresses for API key on WOO X
Only the main account is allowed to have withdrawal permissions. It’s a WOO X feature to bind trusted IP to avoid API leak and hijacker using API call to damage your funds.
Last but not least, Feel free to submit a ticket if you have any further questions or need help regarding API security.