An API key is a unique identifier that allows Cornix to access your account in one of the crypto exchanges (Binance, ByBit, etc) programmatically and perform actions on your behalf.
What is an API
An API is an acronym for Application Programmatic Interface which is basically the functions and procedures by which two applications (or two pieces of software) can talk to each other. In this case, the API we are referring to is the one that allows Cornix to programmatically communicate with one of the cryptocurrency exchanges (ones like Binance, ByBit, BitMEX, etc.) Cornix uses the exchange API in order to do actions like:
Place new orders.
Check the existing order status.
Update orders.
Check portfolio balance.
And more...
What is an API Key (and API Secret)
Whenever you log in to the exchange website, you need to provide your email (or username) and password. Similarly, when Cornix accesses the exchange API programmatically it needs to provide some credentials that will grant it permissions to perform actions on your behalf. To avoid making you share personal details like your email address and more importantly your password with other services, exchanges will instead allow you to create an API key (similar to an email address) and API secret (similar to a password) which will be tied to your account and can be used when accessing your exchange account programmatically.
In some cases, exchanges add additional layers of security on top of the API key and secret, similar to providing a 2-factor authentication code after entering the email and password. Those extra details would have to be provided to Cornix alongside the API key and secret for the client to be created successfully in the Cornix system.
API Key restrictions (and permissions)
To keep your account safe, when creating the API key in your exchange account you will be able to specify API restrictions. These parameters can restrict the API key so it can only perform specific actions in your exchange account. The following is an example of what the API restrictions section looks like in the Binance exchange:
In all cases, it's always important to pay special attention that the withdrawal permission is not enabled. This will provide an added layer of defense on your account and will make sure no one can use the API to withdraw funds from your account.
In order for the bot to trade on your behalf, Cornix will always require reading and trading permissions. Reading permissions will allow Cornix to read your portfolio and existing order status. Trading permissions will allow Cornix to create, update and cancel orders in your exchange account. In some cases, additional permissions may be required, like the Futures permission in case you wish to trade in Binance-Futures using Cornix. For more information about generating specific API keys in the different exchanges Cornix supports, please visit the How to Create API Keys section.