top of page

Protecting API Keys with MyITS: Essential Security Measures for Traders

Updated: Sep 13, 2023


api keys

 

Table Of Content
  • What is API key?

  • API Key Security Measures

  • Do's & Don'ts for API key

  • Conclusion

 

What is API key?


API keys are essential credentials to interact with third-party APIs and access valuable data or execute trades. However, it's crucial to use API keys in MyITS securely to protect sensitive information and ensure the integrity of your trading activities. Here's your guide to what to do and what not to do when it comes to protecting your API keys.


API Security Measures


These guidelines will help you protect your trading activities and guard against potential threats, even if you're new to API key security.


1. Protect your API keys like it's a Sensitive Information:


API keys are highly valuable and grant access to exchange accounts, so it is important to keep them confidential and treat them as sensitive information. Avoid saving API keys directly within the platform, and instead, write them down or store them safely in separate locations.


2. Use Safe Storage for API Keys:


Store API keys in secure places, such as protected files or special storage systems. Make sure only authorized people or processes can access these storage locations.


3. Limit API Key Permissions:


When you generate an API key, assign only necessary permissions to reduce the risk of misuse.


4. Rotate API Keys Regularly:


Change your API keys at regular intervals to minimize the impact of potential security breaches. You are require to change your API key every 90 days to ensure the safety of your funds.

5. Monitor API Key Usage:


Keep an eye on how your API keys are being used, including the frequency and types of requests. Set up notifications for any unusual activities or suspicious behavior, so you can quickly respond to potential security issues.

Do's & Don'ts for MyITS API keys


Do:


1. Make certain that only authenticated and authorized users can utilize the API within MyITS.


2. Employ whitelist, IP filtering, or other access control mechanisms to permit access exclusively to trusted entities or specific IP ranges.


3. Prioritize data encryption, such as HTTPS, for API communication to safeguard sensitive data from interception or tampering during transmission.


4. Shield Sensitive Information like passwords or identification numbers in API responses.


5. Keep API keys up to date and rotate them periodically to reduce the risk of key leakage and misuse.


6. Establish monitoring mechanisms to track API usage and log relevant information. Swiftly detect any unusual activities, security threats, or incidents and take appropriate measures for mitigation.


Don'ts:


1. Avoid Hardcoding API Keys, never hardcode API keys in publicly accessible code or repositories.


2. Refrain from transmitting or storing API keys in plain text or insecure locations.


3. Do not give out sensitive API details, such as error specifics or system configurations, to unauthorized users or potential attackers.


4. Never neglect security updates and vulnerability fixes. Timely update the API and related components to address known security issues.


5. Do not share API keys or access credentials. Keep API keys out of untrusted environments to prevent unauthorized access and misuse.


Conclusion

Keeping your API keys secure is essential for safeguarding your funds. By following the best practices of treating API keys as secrets, using secure storage methods, limiting permissions, rotating keys, securing communication, and monitoring usage, you can enhance the overall security of your bot.

bottom of page