How API Works
What Is an API Connection?
An API connection is a secure way for Bothub to communicate with your exchange account.
Instead of giving Bothub access to your exchange login, password, or funds, you create a special access key inside your exchange account. This key allows Bothub to send trading instructions based on the bot strategy you choose.
In simple terms:
- Your funds stay on your exchange.
- Bothub does not hold your money.
- Bothub does not have withdrawal access.
- The API key is used only to trade according to the permissions you allow.
This is how automated trading platforms connect to exchanges safely and transparently.
Why Bothub Uses API Instead of Deposits
Bothub is a non-custodial automated trading platform.
That means you do not deposit funds into Bothub. Your balance remains inside your own exchange account, such as Binance, Bybit, Kraken, or Hyperliquid.
Bothub connects to the exchange through an API key and uses that connection to execute trades based on the strategy you start.
This approach gives you more control:
- You keep your funds on the exchange.
- You can see your balance at any time.
- You can disable the API key whenever you want.
- You decide which permissions the key has.
- Bothub cannot move your money outside the exchange.
💡 Bothub needs USDC on your exchange balance to run bots. If your funds are held only in BTC, ETH, or another asset, the bot may not be able to start until USDC is available.
What Bothub Can and Cannot Do
When you connect an exchange through API, Bothub receives only the permissions you allow during setup.
Bothub can:
- Read the required account and market data.
- Place buy and sell orders.
- Manage trades based on the bot strategy.
- Track bot performance and activity.
- Send notifications about important events.
Bothub cannot:
- Withdraw your funds.
- Transfer assets to another wallet.
- Change your exchange password.
- Access your personal exchange login.
- Change your KYC details.
- Take over your exchange account.
- Add new withdrawal addresses.
- Control anything outside the API permissions.
The API key is not the same as your exchange account password. It does not give full account access.
Why Withdrawal Access Is Not Needed
Bothub does not need withdrawal permission to run automated trading bots.
The bot only needs trading-related permissions to open and close positions according to the selected strategy. Withdrawal access is not required for this.
That is why you should never enable withdrawal permissions when creating an API key for Bothub.
Keeping withdrawal access disabled is one of the most important safety rules.
Even if someone else somehow received a trading-only API key, they still would not be able to withdraw funds from your exchange account without withdrawal permission.
They would not be able to send your money to an external wallet.
They would not be able to change your password.
They would not be able to log into your exchange account.
⚠️ Important: trading permissions still allow trading activity. This means a bad actor could potentially open or close trades if they had access to a valid key with trading permissions. That is why API keys must still be stored carefully. But without withdrawal access, the most critical risk — direct withdrawal of funds — is blocked.
Who Controls API Permissions?
You do.
API permissions are created and managed inside your exchange account. The exchange shows you which permissions are available and asks you to confirm them before the key is created.
Usually, exchanges allow you to choose permissions such as:
- Read account data.
- Enable spot trading.
- Enable futures trading.
- Enable withdrawals.
- Restrict API access by IP address.
For Bothub, withdrawal permission is not required and should remain disabled.
Some exchanges also allow API keys to be restricted to trusted IP addresses only. This means the key can work only from approved Bothub server IPs, adding another layer of protection.
Why Exchanges Show Permission Warnings
Exchanges are interested in protecting users.
That is why they usually explain API permissions directly during key creation. They show warnings, permission labels, and additional security steps so users understand what they are enabling.
This is normal and expected.
Before confirming an API key, always check:
- Which permissions are enabled.
- Whether withdrawal access is disabled.
- Whether IP restriction is available.
- Whether the API key is created for the correct exchange account.
- Whether the key matches the bot type you want to use, such as spot or futures.
Bothub does not bypass exchange security. The exchange remains the place where permissions are created, reviewed, and controlled.
What Is Fast Connect?
Fast Connect is a simplified way to connect your exchange to Bothub.
Instead of manually creating and copying API keys, you authorize the connection through the exchange interface. The exchange then helps create the required connection faster and with fewer manual steps.
This can take less than a minute.
Fast Connect is available because Bothub is a verified exchange partner and has passed the required business verification checks.
The result is similar to a manual API connection, but the setup is easier for the user.
You still stay in control.
You still connect through the exchange.
You still do not give Bothub withdrawal access.
What Does KYB Mean?
KYB stands for Know Your Business.
It is a verification process used by exchanges, financial platforms, and payment providers to check that a company is real, registered, and properly represented.
During KYB, a company may be asked to provide information such as:
- Legal company registration.
- Company ownership details.
- Business activity information.
- Director or representative verification.
- Compliance and risk-related documents.
Bothub is an officially registered company in the European Union and has passed KYB checks required by partner exchanges.
This does not remove market risk, and it does not guarantee trading results. But it helps confirm that Bothub is a real business that has completed required verification steps before receiving partner-level access.
Does Bothub Get Access to My Exchange Account?
No.
Connecting an API key does not give Bothub access to your exchange account login.
Bothub cannot:
- See your password.
- Log in as you.
- Change your email.
- Change your password.
- Disable your 2FA.
- Change your KYC information.
- Add withdrawal addresses.
- Withdraw your funds.
The API key is a limited technical connection for trading automation.
Your exchange account remains yours.
What Happens After You Connect an Exchange?
After the exchange is connected, Bothub can communicate with it through the API.
This allows the platform to:
- Check if the required balance is available.
- Read market and account data needed for automation.
- Start the bot you selected.
- Send trading instructions to the exchange.
- Track orders, positions, and performance.
- Show transparent statistics inside your dashboard.
- Notify you about important events.
The bot does not move your funds to Bothub. It trades inside your exchange account using the permissions you approved.
Why API Trading Is Transparent
API trading is transparent because all key actions are visible.
You can check activity in several places:
- Inside your exchange account.
- Inside your Bothub dashboard.
- In bot history and performance metrics.
- In exchange order history.
- Through Telegram or email notifications, if enabled.
Bothub also provides performance reports and bot statistics so users can better understand how automation behaves in different market conditions.
Automation does not mean hidden control.
The goal is to reduce manual decision-making while keeping the process visible and understandable.
Can I Disconnect the API Key?
Yes.
You can disable or delete the API key from your exchange account at any time.
Once the key is disabled, Bothub will no longer be able to send trading instructions through that connection.
You may want to disconnect an API key if:
- You no longer use the bot.
- You want to create a new key.
- You changed exchange settings.
- You believe the key may have been exposed.
- You simply want to stop automation.
After disconnecting or deleting the key, active bots may stop working because the exchange connection is no longer available.
Best Practices for API Security
Follow these rules to keep your exchange connection secure.
1. Never enable withdrawal access
Bothub does not need withdrawal permission.
Always keep withdrawal access disabled when creating an API key.
2. Use IP restrictions when available
If your exchange supports trusted IP restrictions, enable them and use the IP addresses provided by Bothub.
This helps ensure the API key can only be used from approved Bothub servers.
3. Do not share API keys
Never send your API key or secret key to anyone in chat, email, Telegram, Discord, or social media.
Bothub will never ask you to send your API secret through support messages.
4. Check permissions before saving
Before confirming the API key, review all enabled permissions carefully.
Make sure the key has only the permissions required for the bot you want to use.
5. Delete unused keys
If you no longer use an API key, delete it from your exchange account.
This keeps your account cleaner and reduces unnecessary security exposure.
6. Keep your exchange account protected
Use strong passwords, two-factor authentication, and official exchange security settings.
API security is important, but your main exchange account should also be protected.
API Connection vs Exchange Login
An API key is not the same as your exchange login.
| Item | Exchange Login | API Key |
|---|---|---|
| Used to access your account directly | Yes | No |
| Gives access to password settings | Yes | No |
| Can change account security settings | Yes | No |
| Can be limited by permissions | No | Yes |
| Can be limited by IP address | Usually no | Often yes |
| Needed for Bothub automation | No | Yes |
| Should have withdrawal access | Not applicable | No |
Bothub does not need your exchange login.
Only a limited API connection is required.
API Connection vs Deposit-Based Platforms
Some platforms ask users to deposit funds into their own wallets or accounts.
Bothub does not work this way.
| Feature | Bothub API Model | Deposit-Based Model |
|---|---|---|
| Where funds are stored | On your exchange | On the platform |
| Withdrawal access required | No | Often yes |
| User controls funds | Yes | Limited |
| Platform holds user money | No | Yes |
| Can disconnect access | Yes | Depends on platform |
| Trading happens | Inside your exchange account | Inside platform-controlled environment |
Bothub is designed so users stay in control of their funds while using automation.
Important Risk Note
API security and trading risk are different things.
A secure API connection helps protect account access and funds from unauthorized withdrawals.
However, it does not remove market risk.
Automated trading still involves risk because crypto markets are volatile. Bot performance can vary depending on market conditions, liquidity, volatility, fees, and strategy behavior.
Automation is designed to reduce manual decision-making and emotional trading. It does not guarantee profit and does not remove the possibility of losses.
Only allocate funds you understand and are prepared to risk.
Summary
Bothub connects to exchanges through API keys so bots can trade without taking custody of your funds.
The most important points are:
- Your funds stay on your exchange.
- Bothub does not store user funds.
- Bothub does not need withdrawal access.
- You control API permissions inside the exchange.
- Exchanges show and confirm permissions before connection.
- Bothub cannot access your exchange login or change your password.
- API keys are used for trading automation, not account ownership.
- You can disable or delete the key at any time.
- Market risk still exists, even with a secure connection.
Bothub is built around transparency, user control, and non-custodial automation.
You stay in control of your funds while the bot handles trading actions based on the strategy you choose.