How Bothub Protects Your API Keys
Why API Key Security Matters
Bothub connects to your exchange through API keys.
An API key is a technical access tool that allows Bothub to send trading instructions to your exchange account. It is not your exchange password, and it does not give Bothub full access to your account.
Because API keys are sensitive, Bothub protects them with secure storage and encryption practices.
The goal is simple:
- Keep your API keys protected.
- Use only the permissions needed for trading.
- Never request withdrawal access.
- Keep your funds on your exchange account.
- Give you control over the connection.
Bothub Encrypts API Keys
When you connect an exchange, Bothub securely stores your API credentials using encryption.
Encryption means your API key data is converted into a protected format that cannot be read as plain text without the required security process.
This helps protect sensitive information and reduces the risk of unauthorized access.
Bothub treats API keys as highly sensitive data because they are used to connect your exchange account to automated trading bots.
We Only Request Trading Permissions
Bothub does not need full account access.
To run automated trading bots, Bothub only needs trading-related permissions. These permissions allow the bot to place and manage trades based on the strategy you choose.
Bothub may need permissions such as:
- Read account and balance data.
- Read market and order data.
- Place buy and sell orders.
- Manage spot or futures trades, depending on the bot type.
Bothub does not need withdrawal permission.
You should never enable withdrawal access for a Bothub API key.
Bothub Does Not Have Withdrawal Access
Withdrawal access is not required for automated trading.
Bothub does not ask for permission to withdraw funds, transfer assets, or move money to external wallets.
This is one of the most important safety principles of the platform.
Bothub cannot:
- Withdraw your funds.
- Send your assets to another wallet.
- Transfer money outside your exchange.
- Change your exchange password.
- Change your email or 2FA settings.
- Take over your exchange account.
The API key is used only for the permissions you approve inside your exchange account.
Your Funds Stay on Your Exchange
Bothub is a non-custodial platform.
This means your funds do not move to Bothub.
Your crypto remains inside your own exchange account, such as Binance, Bybit, Kraken, or Hyperliquid.
Bothub does not store user funds and does not control withdrawals.
You can always check your balance directly on the exchange.
Why This Is Safer Than Depositing Funds Into a Platform
Some platforms require users to deposit funds into platform-controlled wallets or accounts.
Bothub works differently.
You connect your exchange through API, but your funds stay where they already are — on your exchange account.
| Feature | Bothub API Model | Deposit-Based Model |
|---|---|---|
| Where funds are stored | On your exchange | On the platform |
| Platform holds user funds | No | Yes |
| Withdrawal permission required | No | Often yes |
| User controls funds | Yes | Limited |
| Can disable access from exchange | Yes | Depends on platform |
| Used for automated trading | Yes | Yes |
With Bothub, the bot can trade using approved API permissions, but it cannot withdraw your funds.
You Control the API Key
API keys are created and managed inside your exchange account.
That means you decide which permissions are enabled.
You can also disable or delete the API key at any time directly from your exchange account.
If you delete or disable the key, Bothub will no longer be able to send trading instructions through that connection.
You remain in control of the connection.
What Happens If an API Key Is Disabled?
If you disable or delete your API key on the exchange, Bothub loses access to that exchange connection.
As a result:
- Active bots may stop working.
- New trades will not be placed.
- Existing bot automation may be interrupted.
- You may need to reconnect the exchange to continue using bots.
This gives you a direct safety control from the exchange side.
Best Practices for API Key Safety
To keep your exchange connection secure, follow these rules.
1. Never enable withdrawals
Bothub does not need withdrawal access.
Always keep withdrawal permissions disabled when creating an API key.
2. Use IP restrictions when available
Some exchanges allow you to restrict API keys to trusted IP addresses.
If this option is available, use the IP addresses provided by Bothub.
This adds an extra layer of protection because the API key can work only from approved servers.
3. Do not share API keys
Never send your API key or secret key through Telegram, Discord, email, or social media.
Bothub support will never ask you to send your API secret in a chat message.
4. Review permissions before saving
Before creating or saving an API key, check which permissions are enabled.
Only enable the permissions required for the bot you want to use.
5. Delete unused keys
If you no longer use an API key, delete it from your exchange account.
This keeps your account cleaner and reduces unnecessary exposure.
Security Does Not Remove Market Risk
API key protection helps secure the exchange connection.
However, secure access does not mean risk-free trading.
Automated trading still involves market risk. Crypto markets are volatile, and bot performance can vary depending on market conditions, liquidity, fees, and strategy behavior.
Bothub is designed to reduce manual decision-making and help users trade through data-driven automation.
It does not guarantee profit and does not remove the possibility of losses.
Summary
Bothub protects user API keys with encryption and only uses the permissions required for trading automation.
The key points are:
- API keys are securely stored and encrypted.
- Bothub only needs trading permissions.
- Withdrawal access is not required.
- Your funds stay on your exchange.
- Bothub does not store user funds.
- Bothub cannot withdraw your money.
- You can disable or delete the API key at any time.
- Trading risk still exists, even with secure API access.
Bothub is built around non-custodial automation, transparency, and user control.
Your exchange account remains yours. Your funds remain on the exchange. The API key is only used to run the bot strategy you choose.