Application Programming Interfaces (APIs) play a crucial role in the ever-growing cryptocurrency trading scene. In order to automate or aggregate certain processes or information, you’ll need to grant different levels of third-party access to your exchange API keys.
We believe that having an educated community improves the ecosystem for all parties involved as it ensures security-related awareness and narrows the possibility for bad actors who may take advantage of unwary users. In other words: Better safe than sorry.
This topic is of high importance to us because the Zenfuse app needs to be connected with users’ exchanges in order to actively manage their portfolios. As such, we decided to create a quick guide on Exchange API keys, their function, why we need to access them, and, most importantly, how we’re going to make sure this data stays tightly locked.
What is a Cryptocurrency Exchange API and API Key?
A cryptocurrency exchange API is a sort of bridge that allows third-party applications to collect data on users’ holdings or to manage them from afar. APIs allow third-party applications to connect with exchanges, execute trades, pull, and receive data in real-time. In order to do so, however, a key is required.
An exchange API Key is an authentication system created by exchanges to promote safety when sharing any API-related information with third-party applications. Thus, allowing safe communication between involved interfaces.
Why does Zenfuse need your API keys?
API management and security are core components of our product as it is used by traders to access and control multiple exchanges from the Zenfuse platform interface. Sharing your private API Keys comes with an inherent risk factor that most savvy traders are willing to take on.
When a connection is made to an API, it needs to be authenticated. For this reason, Zenfuse asks users to provide their keys. After sharing your API Key, Zenfuse can import data from your exchanges based on your allowed permissions.
After adding your keys, and the security verification process is complete, users can access all their data from other exchanges. Thus, safely trading their assets or managing their whole portfolio through Leon. Note that Zenfuse will never request access to the fund’s withdrawal function.
How does Zenfuse keep your keys safe?
Our team focuses on keeping your API Keys safe. Security measurements include regular backups and user data encryption. Additionally, we use two-factor authentication (2FA), IP whitelisting, instant login notifications, secure sockets layer (SSL), strong Distributed Denial of Service (DDoS) protection, and account/IP lockouts to prevent any hacking attempts.
Additionally, we also prevent possible attack vectors by storing important data out of centralized servers, keeping user data safe, deploying advanced encryption techniques like Digital Envelope, and storing information on hardware encryption devices (HSM).
We store API keys in secret which ensures they are always kept safe. Important information will not be stored on any of our servers, which means data cannot be stolen from our users. Users will employ a disposable password to manually authorize the Zenfuse to perform actions on their behalf.
With the implementation of a centralized token storage facility, we can secure all sensitive data. It allows us to provide a complete access log to track requests of a particular token. Recurring to the hierarchical organization for token distribution, our system will issue a new trader token for every new user. All the sensitive data and personal tokens from crypto exchanges will be treated as child tokens. And the parental trader token will be controlled by the user.
Users will be able to revoke their tokens remotely through mobile devices. If a trader token is revoked, all subsidiary tokens will follow. Therefore, in the case of an external attack, the system will perform a “break-glass” procedure to protect users’ tokens and mitigate any theft attempt.
How to connect your API with Zenfuse?
To connect your crypto exchange with Zenfuse, you just need to follow the steps below:
- Log in to your Exchange
- Click on your profile icon, and select API management*
- In the API management section, add the name of your new API
- Make sure you turn on enable reading and enable stop loss & margin trading in the restriction settings
- Copy the API key and secret key
- Paste the API Key on the fields showed in the image above
- Click connect and wait for verification
Note that the information above is shared for illustration purposes only. Each exchange will have different steps to take in order to access the API keys. In the future, we will be providing tutorials for each exchange that can be accessed through our platform.
About Zenfuse
Zenfuse is a powerful all-in-one platform for cryptocurrency traders and investors.
It aggregates multiple cryptocurrency exchanges, allowing control of funds via API, and powers up the trading process, making trading more profitable, simple, and stress-free.
Our cross-platform app provides rich analytics of both your portfolio and order history, giving you the ability to control your funds on a mobile device.
