Application program interfaces (API’s) provide a way for one system to interact with another. In the case of cryptocurrency, API’s are often used as a way to interact with cryptocurrency exchanges. Many complementary businesses and tools have been built by allowing users to connect to these exchange API’s like crypto portfolio trackers, crypto trading bots, tax software tools, and many more.
A lot of cryptocurrency enthusiasts understandably ask the question: Should I be trusting these platforms with my API keys?
In order to better understand this question, it’s important to understand the various types of access that certain cryptocurrency exchange API’s grant. You can configure what type of access you want your API key to grant using your exchanges account settings.
Read only access allows the system that is connecting to the exchange API to only “read” or “view” the transaction data for that user account.
This type of granted access is popular amongst portfolio trackers and crypto tax software systems that only need to know your transaction history in order to work properly.
These applications do not need to be able to make trades on your behalf, so they typically only require this “read only” access. Programs with this type of access CANNOT make trades or withdraw funds on your behalf.
Creating an API key that grants “trade” access allows the application that you are using to make trades on your behalf.
This type of access is common amongst crypto trading bots that users use to execute various trading strategies.
You should have complete trust in the company or tool trading on your behalf with this type of access. They should have robust security measures in place to make sure that your keys stay protected.
Transfer access allows the connected program to make transfers and withdrawals or send and receive crypto on your behalf. Again the level of trust you must have in the program/ tool needs to be extremely high as this access could potentially sweep out your funds and send them to a completely different wallet address.
It is generally not recommended to grant this type of access to third party applications.
Now that you understand what these various levels of access do, you can feel confident in creating your API keys.
Pictured below is the creation of a Binance API key. This is the key that you would enter into a third party system to grant it access to your Binance account.
As you can see, “read only” access is the only permission that will be granted with this API key. Both the enable trading and enable withdrawals boxes have been left unchecked.
CryptoTrader.Tax never requires trade or withdrawal access from your exchange accounts, only "view" or "read" access. This means that the application can never access your funds, as it does not have the ability to.
You can always upload your transaction history by CSV file as well. The software will use this data to build out your required crypto tax reports.