How to use API keys for crypto trading bots and the security of API asset management
In this article, we will explain how platforms like One Button Capital can make trades on your exchange account (Binance, FTX, Kraken, etc.) with API and security and potential vulnerabilities around it.
API (Application Programming Interface) is a set of programming instructions that allows two software programs to interact.
API is like a language that lets different software apps talk to each other.
In the case of One Button Capital, it allows our software to optimize and effectively manage your crypto portfolio directly on your exchange account.
The API is needed for external services to perform actions on your account. One Button Capital uses API for the following:
API is a direct link between One Button Capital and your exchange account.
API is commonly used amongst modern asset managers and Robo-advisors because it enhances financial management in 3 ways:
Using automated trading through API is significantly easier compared to traditional asset management. The strategy activation process is fully automatic and takes 5–10 minutes to complete. In the case of One Button Capital, all you have to do is to sign up for an OBC account, connect your cryptocurrency exchange with an API key, and choose the allocation size in USDT or USDC. That’s it, the rest will be taken care of by the software. You can view the product demo here.
After activating your One Button Capital account from an email invitation, simply follow the onboarding process on the website to link your API key. Here is the tutorial on how to connect your Binance API key to One Button Capital.
The API trading process involves a series of steps to ensure a) the safety of the connection and user’s assets, b) the accuracy of data, and c) the consistency of service.
Here is how the API trading process looks step-by-step at One Button Capital
A few things worth noting:
For Binance there are three different types of limits, all of which are subject to change at any time:
The Hard-Limits specifically are:
Additionally, Binance does not restrict you in the volume you can trade in a day. On some markets, you are allowed to make a market order up to 306 BTC, which is more than enough for 99.999% of crypto holders.
While API keys open the door to data analysis, trading bots, and other automation, crypto traders may not be fully aware of the risks associated with sharing API credentials with non-trustworthy third parties.
As a user, you can set different levels of permissions for your API keys.
To ensure the safety of your assets, don’t enable withdrawal/deposit access when linking your API key to an external platform. The bots need trade-only API access to function sufficiently.
API keys are stored encrypted in the One Button Capital database. In case anyone ever gets access to the database, all they would see is a random string of characters without any meaning.
The API keys are not visible on the One Button Capital app interface. So if anyone gets access to your app account, they cannot access your keys.
The bots can only execute trades on the markets they were assigned to. If the bot receives a buy/sell signal to trade on another market pair, this signal will be ignored.
The bots are limited to the position size assigned to them. If the bot receives a buy/sell signal to trade with a higher size than it currently holds, the signal will be ignored.
In case there is irregular trading activity noticed on an exchange account (the daily volume is 10x higher than the bot position size), a user will be immediately notified by email and Telegram.
To generate a new API key, you need to use 2FA (2-factor authentication).
The newly generated API secret can only be viewed once. If later you want to view existing API credentials, you can only see an API key. API secret is hidden forever.
There is a slight chance that a user himself may expose an API key. Therefore:
Even if after all the security precautions, a malicious actor gained access to the API keys, a) they cannot withdraw any funds b) they are limited by the API restrictions described in the paragraph above. Additionally, if using the One Button Capital platform, the affected user will be automatically notified and can disable the API key immediately.
Whitelist API Trading Symbol
If you are certain on which market pairs you want your AI to trade, you can use the API trading symbol whitelist function on Binance to restrict sub-account's Spot/Margin trading to the Master Account selected trading pairs only.
That will further enhance the security of your account and ensure that there will be no trading outside your chosen market pairs through the API.
Another safety measure to secure your funds from hacks is to use an IP whitelist function on your exchange. That will restrict your API to accepting trades only from the IP addresses in the list.
For maximum security and convenience, we will email you our list of IPs once you register on the One Button trading app. Those are the IP addresses we use on our servers to run the trading AIs. You can then add them to the ‘trusted IPs only’ tab when creating an API key.
Using an Application Programming Interface (API) as a middleman in your crypto trading gives you more control and transparency over your capital. It also simplifies the user experience and makes automation trading a lot easier.
You can connect your exchange to the One Button Capital app via an API key following a couple of steps. API keys are stored encrypted in the One Button Capital database and our software performs several security checks before executing any actions via your API.
Disclaimer: This article is for informational purposes only
We regularly prepare insightful reports and case studies about crypto trading and the blockchain industry.
We sent you a link to complete your sign-up.
Check your inbox, verify your email, and unlock all functionalities of your OB Trader account.
You were added to our waitlist. You will get an email within 3-5 days If you are shortlisted.