Author

Topic: Idea how to allow web apps use your crypto trading API keys, but not trust them (Read 140 times)

newbie
Activity: 7
Merit: 0
Yes I realize that, that's what I meant but for trading bots, don't you think it's going to be inconvenient? If your extension is going to ask for a confirmation each time? bots are supposed to be working all the time without interruption as I said.

Excuse me, now I understand. This idea isn't suitable for automated trading bots. It's for third-party trading platforms where you trade yourself.
staff
Activity: 3500
Merit: 6152
Trading bot cannot operate in read-only mode, because they have to, actually, trade: placing orders.
When you set up trading bot, you provide it with trading API keys. And bots ofter run at your side.

Did you try, for example, Coinigy trading platform?
While using apps like Coinigy, you're providing third party with your trading keys for being able to place orders.

Yes I realize that, that's what I meant but for trading bots, don't you think it's going to be inconvenient? If your extension is going to ask for a confirmation each time? bots are supposed to be working all the time without interruption as I said.
newbie
Activity: 7
Merit: 0
Trading bot cannot operate in read-only mode, because they have to, actually, trade: placing orders.
When you set up trading bot, you provide it with trading API keys. And bots ofter run at your side.

Did you try, for example, Coinigy trading platform?
While using apps like Coinigy, you're providing third party with your trading keys for being able to place orders.
staff
Activity: 3500
Merit: 6152
But exchanges now provide APIs with read-only access, for example seeing the orders, balance etc without being able to trade. So unless the service you're using is a trading BOT, there is no need to give other access in the first place and even If you decide to do that for the trading bots, won't that be inconvenient? since a BOT is supposed to be running 24/7 without interruption?
newbie
Activity: 7
Merit: 0
I’m thinking about how to give web apps ability to use your crypto exchanges’ API keys safely, so you can benefit from using those services, but not trust them. The idea I came up with is to create open source browser extensions which can use your keys and sign your trading requests on demand of web app (with your confirmation, of course).

This way, you can view extension’s source code to make sure it does no harm, verify it’s signature and checksum, and only then give it your precious API keys which it would store highly encrypted and locked with your password.

When an app needs to sign a trading request on your behalf, it communicates with browser extension providing it with the required data. Extension asks your confirmation for the operation, signs the request to the exchange and sends it.

What do you think about this approach? Would it make crypto services, which require access to trading APIs, more trusty?

P.S. This could be not only a browser extension, but any kind of service/app/script that you can totally control.
Jump to: