Author

Topic: [FULL GUIDE] API KEY - WHAT is it , WHY you need it and HOW to create one (Read 250 times)

copper member
Activity: 686
Merit: 39
people who don't already know what something as simple as an API key is, should stay away from it because there is pretty good chance that touching it will lead to their loss specially these days that the internet is filled with lots of malicious websites and even malicious trading bots that fool people into giving them their keys (which is basically access to their funds) which they will abuse.



I personally disagree with this point of view. Especially considering how easy is, people should learn it, because ignorance can never be a better option.
I've made this guide after endless battles trying to explain what API KEYS are to HIGH RANK USERS in this forum.

Even if the user intentionally selects withdraw privileges, there are 2 more very safe barriers that any malicious scumbag needs to overcome in order to steal funds:
- 2FA
- Email confirmation

legendary
Activity: 1946
Merit: 1137
people who don't already know what something as simple as an API key is, should stay away from it because there is pretty good chance that touching it will lead to their loss specially these days that the internet is filled with lots of malicious websites and even malicious trading bots that fool people into giving them their keys (which is basically access to their funds) which they will abuse.
copper member
Activity: 686
Merit: 39
OK, but how do we plug in your API key and Secret into BitMex? I'm trying to do this to verify your results and it seems pretty complicated. Thanks in advance.

Nice question, that is done via terminal, you need python3.5 or above on your computer.
I will make a guide on the following days on how to do that and more, easy and step by step!

Otherwise you can simply link the following API KEY to portfolio trackers like
https://www.coinmarketman.com:

ID:
Code:
_rbjC_vOwJBRupytRPo7nxYI
SECRET:
Code:
V8AU7GvMLSry4mpKnKD1Bu8PBuYpLZx88dfn40Nkq1Dm59GE

and access the open account with just a few clicks!                               
copper member
Activity: 686
Merit: 39
Quote
An application programming interface key (API key) is a unique string of alphanumeric characters transmitted as part of an API request that authenticate the source of the API request. API keys can be of two types: Public API key and Private API key.
The API key often acts as both a unique identifier and a secret token for authentication, and will generally have a set of access rights on the API associated with it.
WIKIPEDIA



In very simple words, an API key identifies you on the service platform that generated the key. (instead of using email and password uses the key to log in)
An API key can be anything and do anything, simply because it depends on what kind of API generated it, but usually is used for remote access and data tracking.

Likewise crypto wallets, there are public and private API keys with the difference that API keys are more like tools that adapt based on your needs.
For example, if you want to give access at others to selected data/privileges, you simply need to create a Public API Key which authenticates them to access your account and do nothing more than what you allowed. On the contrary, if you want to give full privileges and access to all data , you would create a Private API Key, which of course should be for your use only.

Another important difference is that API KEYS can be disabled and enabled at will, which is something very handy.



API KEYS IN TRADING:

API Keys are very handy when trading, even if you are still trading in frontend, and know nothing about programming, you should always have a private key enabled and stored securely offline, just in case anything bad happens to the frontend of the exchange and you urgently need to entry/exit a trade or even worst you locked yourself out(2FA rekt)... having the API Key allows you to have a way back in the account via terminal.

Usually exchanges offer the following privileges settings for API Keys:
- Order ( you can create and cancel orders via key)
- Cancel (you can only cancel orders via key)
- ReadOnly ( you can only read unencrypted data, such as balance/trade history/orders/markets data via key but you can't interact with any)
- Withdraw ( you can send a withdrawal request which still needs to be confirmed via email)
- CIDR (useful for ip filtering , read more here)

API KEYS are also commonly used by big Brokers, Hedge Funds and Quant Shops to safely manage their clients' capitals without having direct access to the funds.


What follows is simple step by step guide on how to setup a Public API Key on Bitmex that can create and cancel orders(aka trading) but without the ability to send withdrawal requests.

Jump to: