And what i'm learning is an API key is a special password that allows programs access to your Bitcoin exchange wallet.
What I need to know, is how secure this is.
I understand that if someone has your API key this is basically the equivalent of your master private key to your wallet.
With the API key someone they can steal your money. (http://www.reddit.com/r/Bitcoin/comments/1sxcyr/coinbase_account_was_hacked/)
So I need to understand how to keep this secure before I go create one and put it into a strange trading app I just downloaded off the internet.
What is the "shared secret"?
And what is preventing a software program like http://sourceforge.net/projects/bitcointrader/
From simply relaying that private key to a 3rd party (or software designers for that matter) and allowing them to steal your coins?
( I'm getting the notion that most people use trading software and bots to trade bitcoin, so i'm wanting to try this as well since i've not been profitable yet, and maybe this is the solution. )
Thanks for your guidance. =)
It depends on the type of application that the API key is for. One huge plus of most API keys is that they are (usually) easily revoked. Many sites that have API's let you choose what that API key can be used for, and even who can use it. For example, my blockchain.info account emails me as soon as someone tries to use my API key from a previously untrusted IP address and I can choose to whitelist/ban accordingly.
If you do not restrict your API persmissions, or an application requires full access....yes, your API key can be abused and it can be almost as bad as someone having your account password. If a program requires unrestricted API access, be sure to do your research and make sure you can trust that program.