If you paper or live trade, you have to store your api key and secret in what is essentially a plain text file on your computer. I’m no computer security expert but it doesn’t sound very safe. Is there an alternative? What is the best practice?
You can make it more secure by restricting access to trusted IPs and disabling withdraws for your key.
Thanks. I’m not sure how to get a static IP as long as I’m trading from my computer. I had disabled withdrawals already. Anyway these measures limits the damages if the key is compromised. They don’t really help protecting the key.