Storing API key and secret when paper or live trading


#1

If you paper or live trade, you have to store your api key and secret in what is essentially a plain text file on your computer. I’m no computer security expert but it doesn’t sound very safe. Is there an alternative? What is the best practice?


#2

You can make it more secure by restricting access to trusted IPs and disabling withdraws for your key.


#3

Thanks. I’m not sure how to get a static IP as long as I’m trading from my computer. I had disabled withdrawals already. Anyway these measures limits the damages if the key is compromised. They don’t really help protecting the key.