Securing Your Account: API Key Safety Guide

At TradingMaster AI, we prioritize security above all else. But establishing a secure environment is a shared responsibility. When connecting your exchange account (Binance, Coinbase, etc.) to our platform, following these best practices is non-negotiable.

What is an API Key?

An API (Application Programming Interface) Key is like a username and password that allows two software programs to talk to each other. It lets TradingMaster sends "Buy" or "Sell" signals to your exchange.

The Golden Rules of API Safety

1. READ-ONLY & TRADING Permissions ONLY

NEVER enable "Withdrawal" permissions.

• ✅ Enable Reading: Allows us to see your balance (required).
• ✅ Enable Spot/Margin Trading: Allows us to place orders (required).
• ❌ Enable Withdrawals: NEVER CHECK THIS. If a bad actor got your keys, they could drain your funds. With this disabled, your money is stuck on the exchange, safe from theft even if keys are compromised.

2. IP Whitelisting

For maximum security, restrict your API keys to only accept commands from TradingMaster's specific IP addresses.

• This means even if a hacker stole your API key, they couldn't use it from their own computer.
• Note: Contact support for our current list of Whitelist IPs.

3. Regular Key Rotation

Change your API keys every 90 days. It’s a healthy hygiene habit that limits exposure time.

Account Level Security

Beyond keys, ensure your TradingMaster account is bulletproof:

• 2FA (Two-Factor Authentication): Enable Google Authenticator. SMS 2FA is better than nothing, but App-based is superior.
• Phishing Awareness: Always check the URL is tradingmaster.app before logging in.

Security isn't exciting, until it saves you. Take 5 minutes today to audit your API permissions.