
API Keys & Security: How BitPanel Keeps Your Account Safe
BitPanel connects to your exchange through encrypted API keys. Here’s how those keys work, why they’re safe, and how we ensure complete user control.
BitPanel never touches your funds. Instead, it communicates with your exchange through secure, read/trade-only API keys. These keys let your bots execute trades while keeping full custody in your hands.
What Are API Keys?
API keys act as a digital handshake between BitPanel and your exchange. They are unique encrypted credentials that tell the exchange who is making the request and what permissions they have. Think of an API key like a remote control — it can press buttons, but it doesn’t have access to the vault itself. With the correct permissions, it can place or close trades, check balances, or pull price data — but it cannot withdraw or move funds.
How BitPanel Uses API Keys
When you connect your Kraken, Coinbase, or Binance account, BitPanel stores your key and secret using AES-256 encryption on secure servers. Those credentials are only accessed by your authorized bots during trade execution.
- Read balances and holdings
- Fetch live prices and order history
- Execute buy/sell orders under your chosen strategy
 
All requests are routed directly from BitPanel’s backend to the exchange API over encrypted HTTPS connections. No third parties or shared intermediaries are ever involved.
Permissions & Limitations
Each API key created on your exchange is given a set of permissions. BitPanel only requires two:
- Read — to access balances and trade data
- Trade — to execute buy/sell orders on your behalf
 
Withdrawal permissions are never requested or accepted. Even if someone were to gain access to your BitPanel account, they still couldn’t move your funds off the exchange.
Encryption & Secure Storage
Your API key and secret are encrypted at rest using AES-256. Keys are decrypted only momentarily in memory during live trading events and never stored in plain text.
- Encrypted environment variables
- Role-based server access
- Key rotation and audit checks
- Realtime monitoring for API anomalies
 
Zero Custody Guarantee
BitPanel is a non-custodial platform. We never hold, transfer, or withdraw user funds. All assets remain entirely within your exchange account. BitPanel acts only as an automated messenger that relays trade instructions through your authorized API connection.
User Control & Transparency
- You can delete or regenerate your API keys anytime on your exchange.
- BitPanel immediately loses access once a key is revoked or changed.
- API key encryption ensures no one — not even BitPanel staff — can see your secret key.
- All trading actions are visible in real time through your trade log and portfolio dashboard.
 
Best Practices for Users
- Label API keys clearly (e.g., “BitPanel-Live”)
- Use exchange IP allowlisting if supported
- Rotate keys every 60–90 days
- Never reuse API keys across platforms
- Test in Paper Mode before Live Mode
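As an added example (not BitPanel's code or any exchange's API), the key-hygiene practices above can be checked against an inventory of your own exchange API keys. The record schema, permission names, the "OtherTool" platform and the sample keys are assumptions constructed for illustration.

```python
from datetime import date

ALLOWED = {"read", "trade"}   # the only two permissions the page says are required
MAX_AGE_DAYS = 90             # upper end of the page's 60-90 day rotation window

def audit_key(key, today):
    """Return a list of findings for one key record (hypothetical schema)."""
    findings = []
    perms = {p.strip().lower() for p in key["permissions"]}
    extra = perms - ALLOWED
    if extra:
        # Anything beyond read/trade (e.g. withdraw) lets the key move funds.
        findings.append("excess permissions: " + ", ".join(sorted(extra)))
    if not key.get("ip_allowlist"):
        findings.append("no IP allowlist")
    age = (today - key["created"]).days
    if age > MAX_AGE_DAYS:
        findings.append(f"{age} days old, rotation overdue")
    platforms = sorted(set(key.get("used_by", [])))
    if len(platforms) > 1:
        findings.append("shared across platforms: " + ", ".join(platforms))
    if not key.get("label"):
        findings.append("unlabelled")
    return findings

def audit_all(keys, today):
    """Map label (or key id) -> findings, only for keys with at least one finding."""
    report = {}
    for key in keys:
        findings = audit_key(key, today)
        if findings:
            report[key.get("label") or key["id"]] = findings
    return report

# Constructed sample inventory; field names and values are illustrative only.
SAMPLE_KEYS = [
    {"id": "k1", "label": "BitPanel-Live", "permissions": ["Read", "Trade"],
     "ip_allowlist": ["203.0.113.10"], "created": date(2025, 1, 10),
     "used_by": ["BitPanel"]},
    {"id": "k2", "label": "old-bot", "permissions": ["read", "trade", "withdraw"],
     "ip_allowlist": [], "created": date(2024, 9, 1),
     "used_by": ["BitPanel", "OtherTool"]},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_KEYS, date(2025, 3, 1)).items():
        print(name, "->", "; ".join(findings))
```

Permission names differ between exchanges, so map each exchange's own scope names onto the read/trade set before running a check like this.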
 
Summary: Your exchange holds the funds. BitPanel just holds the rules. With encrypted API communication and zero withdrawal permissions, your assets remain 100% under your control.