Are my API keys safe?

Autoview

Short answer: yes, and the design is built around three facts you can verify yourself. Your keys are encrypted at rest. They carry only the exchange permissions you choose to grant. Autoview has never had, and never requires, permission to withdraw funds. The rest of this guide explains where your keys actually live, because that depends on which Autoview you run.

Two surfaces, two storage models

Autoview comes in two forms, and they store credentials differently.

  • The webhook platform runs on our servers around the clock. It accepts a POST from any alert sender: TradingView, TrendSpider, a Python script, your own cron job. Because it executes without a browser open, your keys are held server-side, encrypted at rest.
  • The Chrome extension is the legacy, browser-local surface. It runs inside Chrome on your own machine and only executes while that machine and Chrome are on. Keys you add there live in your browser, on your computer, and travel no further than the trade commands the extension sends.

If you are setting up fresh, the webhook platform is the modern path. The extension stays available for people tied to its live in-browser TradingView link.

What "encrypted at rest" means here

When you save an exchange key to the webhook platform, the credential is encrypted before it is stored. We use AES, with a separate initialization vector per stored record, so two saved keys never share the same encrypted form. The plaintext is only ever reconstructed at the moment a trade needs to be placed, and then discarded.

What this buys you in practice: the stored value is not your raw key sitting in a database column. It is ciphertext. That is the durable point, and it is worth more than any single implementation detail.

You decide what the key can do

A key is only as dangerous as the permissions it carries. Most exchanges let you scope a key when you create it, and you should scope it as tightly as the job allows.

  • Grant what Autoview needs. To execute, Autoview places and cancels orders and reads your balances and positions. Grant trading and reading permission and nothing more.
  • Withhold what it does not need. If an exchange offers a permission you do not understand or expect to be used, leave it off. A narrower key is a smaller blast radius if anything ever leaks.

Each exchange words its permission toggles differently, so set them on the exchange's own key-creation screen. Their docs stay current with their UI in a way ours cannot. Browse the exchanges Autoview supports on the platforms page and follow the exchange's own walkthrough when you create the key.

Autoview never touches withdrawals

This is the line that matters most. Autoview has no withdrawal capability implemented, and withdrawal permission is never required to use it. A key that cannot move funds off the exchange cannot drain your account, full stop. Where an exchange exposes a withdrawal permission as an option, leave it disabled. Autoview will run fine without it because it has nothing to use it for.

Where an exchange offers IP whitelisting, that is another free layer. A whitelisted key only works from an address you approve, so even a leaked key is useless from anywhere else.

Moving keys between machines

On the legacy extension, keys live in your browser profile, not on our servers. To move them to another machine you can re-enter them by hand, or use the extension's Export and Import Exchange Credentials option. Export writes your saved keys to a file you can protect with a passphrase, and Import loads that file on the other machine.

On the webhook platform there is nothing to export. Your keys are stored server-side, so they follow your account, not your machine. Sign in from anywhere and they are there.

The habit that protects you most

Encryption and scoping do their job. Your own key hygiene does the rest. Grant trading and reading, never withdrawal. Whitelist an IP where you can. Rotate a key the moment you suspect it leaked, by deleting it on the exchange and issuing a new one. Treat the key like the account password it stands in for, because that is exactly what it is.

See supported exchanges