An API key is a unique identifier that allows Cornix to access your Exchange Account (Binance, ByBit, etc) programmatically and perform actions on your behalf.
What is an API key?
An API is an acronym for Application Programmatic Interface which is basically the functions and procedures by which two applications (or two pieces of software) can talk to each other. In this case, the API we are referring to is the one that allows Cornix to programmatically communicate with one of the cryptocurrency exchanges (ones like Binance, ByBit, BitMEX, etc.) Cornix uses the exchange API in order to perform actions like:
Place new orders.
Check the existing order status.
Update orders.
Check portfolio balance.
And more...
How Does It Work?
Whenever you log in to the exchange website, you need to provide your email (or username) and password. Similarly, when Cornix accesses the exchange API programmatically it needs to provide credentials that will grant it permissions to perform actions on your behalf.
To avoid making you share personal details like your email address and more importantly your password with other services, exchanges will instead allow you to create an API key (similar to an email address) and API secret (similar to a password) which will be tied to your account and can be used when accessing your exchange account programmatically.
In some cases, exchanges add additional layers of security on top of the API key and secret, similar to providing a 2-factor authentication code after entering the email and password. Those extra details would have to be provided to Cornix alongside the API key and secret for the client to be created successfully in the Cornix system.
Key Permissions & Restrictions
To keep your account safe, when creating the API key in your exchange account you will be able to specify API restrictions. These parameters can restrict the API key so it can only perform specific actions in your account.
The following is an example of what the API restrictions section looks like in the Binance exchange:
In order for the bot to trade on your behalf, Cornix will always require reading and trading permissions.
Reading permissions will allow Cornix to read your portfolio and existing order status. Trading permissions will allow Cornix to create, update and cancel orders in your exchange account.
In some cases, additional permissions may be required, like the Futures permission in case you wish to trade Futures using Cornix.
❗Important Note
In all cases, it's important to pay special attention that the withdrawal permission is not enabled. This will provide an added layer of defense to your account and will make sure no one can use the API to withdraw funds from your account.
For more information about generating specific API keys in the different exchanges Cornix supports, please visit the How to Create API Keys section.