API key security in TabTrader

In light of the recent controversy surrounding the leakage of crypto exchanges’ API keys, we would like to emphasize our commitment to the security of our user’s profiles.

Why your API keys are safe with TabTrader

API Key Storage

At Tabtrader, your API keys are stored in a secure database on one of our servers in an encrypted format. The server’s traffic is routed through a virtual private network (VPN), which makes it not visible to the public internet. This helps protect the server from malicious attacks and provides an extra layer of security for user data.

Two-Factor Authentication

All the TabTrader user profiles are protected with two-factor authentication (2FA), which is a security feature that requires a user to provide two separate forms of authentication to log in to their profile. Without 2FA enabled, our application will not allow you to add API keys for any centralized exchange. To learn how to enable two-factor authentication in TabTrader, watch the dedicated video tutorial on our YouTube playlist about the key features of the app.

What you can do to protect your API keys

Set only necessary permissions for your API keys

Most centralized exchanges (CEXs) allow users to set permissions for their API keys. This way, a user can customize the actions that a third-party application can perform on their exchange account.

Generally, exchanges break permissions into three categories: data, trading, and withdrawal. The “data” permissions allow the connected application to only view your account information. If you create API keys with “trade” access, the connected service will be able to make trades on your account. The “withdrawal” permission is a very sensitive one, as it allows the connected app to move funds from your account. As a rule, trading platforms and terminals do not ask for withdrawal permissions on your API keys.

Do not store your API keys locally or on cloud services

API keys should not be stored locally on your computer, in cloud services, or sent in messengers or emails. To transfer your API key from your computer to your mobile device, we recommend you use the QR generator on our official website.

Use separate API keys for different platforms

Using separate API keys for each app is an important security measure for ensuring the safety of your data. By limiting the scope of each key, you are able to better control access to your data and can more easily detect any unauthorized use.

Delete unused API keys

Unused API keys are a potential security risk. Any API keys that are no longer in use should be deleted to prevent them from being exploited by malicious actors.

Rotate your API keys regularly

Rotating your API keys regularly helps reduce the risk of unauthorized access by ensuring that if a key is compromised, it will only be valid for a limited period of time.

Protect your login info for both your exchange accounts and your TabTrader profile

• Use a unique and secure password
• Never share your login credentials with anyone
• Never login to your account from someone else’s device
• Store your passwords in a trusted password manager (e.g., Keepass)
• Do not store your passwords on cloud services
• Avoid using public Wi-Fi networks to access your accounts
• Use 2FA whenever possible (it’s better to use an authenticator app or a hardware authentication device rather than SMS-based authentication)
• Change your password regularly
• Beware of phishing emails that mimic emails from your exchange
• Use VPN whenever possible
• Do not install browser extensions from unknown sources
• At haveibeenpwned.com you can check if your password has ever been leaked 

At TabTrader, we place a high priority on user security and take all necessary steps to safeguard our users’ data. Please do not hesitate to contact us if you have any questions or concerns. And if you need help connecting your exchange account to TabTrader, check out this YouTube playlist.