How We Protect Your API Keys

We know that when using our automated trading system, the most important question on your mind is, "How secure are my API keys?"

Your security is the cornerstone of our system. Therefore, we want to transparently explain the multi-layered and nearly impenetrable security architecture we have designed to protect your API keys.

Layer 1: Impenetrable Portal Access and Authorization

First and foremost, we strictly control who can access the Auto-Trade portal where you enter your API keys.

• Exclusive Access for Prime Members Only: Access to our Auto-Trade portal is exclusive to our verified users with 'Prime' status. If you are not a Prime member, you cannot even see the portal's entrance or acknowledge its existence.

• Unique and Personalized Access Link: Each of our Prime users accesses the portal via a unique link generated specifically for their wallet address. This means there is no standard login page.

• Wallet Address Verification: Even if an attacker somehow obtains a Prime user's unique link, our system verifies the wallet address of the person trying to log in. If the wallet address does not match the link or does not have Prime status, access is instantly denied.

• Protection Against Attacks and Brute-Force Attempts: An unauthorized person attempting to access the portal through methods like direct link guessing will immediately receive an 'Access Denied' warning. After three failed attempts, the corresponding IP address is permanently banned from our system (IP Ban).

Layer 2: On-Platform Display and Usage Security

Even when you access the portal as an authorized user, the security of your API keys continues.

• API Key Invisibility: Once you enter your API key, the full key is never made visible on the platform again. As seen in image trade1.png, your key is always masked, like '••••••••••••vXTG'.

• Irretrievable Editing: If you click the 'Edit' button to modify the key, you will be presented with empty input fields, as shown in image trade2.png. The system does not recall the existing key to the editing screen. This means that even someone who gains access to your account cannot copy your current API key.

• Absence of Withdrawal Permissions: As a fundamental security rule, we require that you keep the 'Enable Withdrawals' permission disabled when creating your API key. This guarantees that even in a worst-case scenario, your funds can never be moved out of your wallet.

Layer 3: Unbreakable Backend and Database Encryption

The real protection for your API keys lies within our unseen backend systems.

• Dual-Layer Encryption: Your keys are first stored in a high-security database that is itself encrypted. However, our protection doesn't stop there. Each API key and secret key stored within the database is additionally encrypted as a second layer.

• Variable and Custom Cryptography: This second-layer encryption uses a complex, variable key that is uniquely generated for each user. This ensures that even if one encryption key were compromised, the data of all other users would remain secure.

• SHA-256 Level Difficulty: The difficulty of breaking this encryption methodology is theoretically equivalent to breaking a one-way cryptographic hash function like SHA-256. In short, the probability of an attacker bypassing all our security layers to access your keys in their raw (unencrypted) form is mathematically close to zero.

Conclusion: Trade with Complete Peace of Mind

As you can see, your API keys are protected by strict access rules, on-platform invisibility, and a dual-layered backend encryption that is nearly impossible to break. This multi-faceted approach provides a level of security that goes far beyond industry standards.

This allows you to sit back and trade with confidence.