Follow essential security practices when managing API keys for automated trading
Guided flows
Guided step-by-step flows for setup and operations.
When creating API keys for automated trading, never enable withdrawal permissions. QuantumEdge enforces this by rejecting keys with withdrawal access. Trade-only keys ensure that even in a worst-case scenario, your funds cannot be moved off the exchange.
If Kraken supports IP whitelisting for API keys, consider restricting access to known addresses. This adds an additional layer of protection against unauthorized use.
Rotate your API keys periodically. Generate a new key on Kraken, update it in QuantumEdge under Settings > Exchanges, then revoke the old key on Kraken.
Check Kraken's API activity logs regularly for unexpected access patterns. QuantumEdge also logs all trade actions in its audit log, which you can review under your deployment history.
Never share API keys in emails, messages, or screenshots. Use a password manager for backup storage.