Importing API Keys

Here you’ll find instructions on how to connect your exchange accounts to Cryptowatch to enable automatic balance tracking in Portfolio and trading through our interface.

We currently support Portfolio for twelve exchanges and trading on eight exchanges.

Trading and Portfolio Exchanges

  • Kraken
  • Bitfinex
  • Binance
  • Coinbase Pro
  • Poloniex
  • Bitstamp
  • Bittrex
  • HitBTC

Portfolio-Only Exchanges

  • BitMEX
  • Huobi
  • Okex
  • Kraken Futures (formerly CryptoFacilities)

The procedure for connecting each exchange is slightly different, but every exchange uses the “API Keys” standard. In this standard, exchanges generate a set of keys that you can input in Cryptowatch setting to allow you to see your balances in Cryptowatch Portfolio as well as place and cancel orders across the Cryptowatch interface. For exchange-specific directions on connecting to Cryptowatch using API keys, please see Account > API Keys. For best practices to ensure security, please read the notes below.

Best Practices for Security

Our security procedures are best-in-class, and we have never had a database breach of any kind. All API keys we store are encrypted in motion and at rest, and you can can permanently revoke your keys from our database at any time. That said, the following tips will help you stay even more secure:

  1. When choosing Key Permissions with your exchange:
    1. Do not grant withdrawal permissions. You only need the following permissions for keys entered in Cryptowatch:
      1. Query your funds, orders, and trades
      2. Open orders
      3. Cancel orders
  2. Do not save or “back up” your API keys. If you need to reconnect Cryptowatch to an exchange for any reason, you can simply generate a new key from your exchange and enter it in Cryptowatch’s API Keys settings.
  3. When generating a key, simply copy it from the exchange’s website into the Cryptowatch interface and close original tab where you generated it.
  4. If you are using multiple applications that need API keys from your crypto exchanges, generate a fresh set of keys for each application. The key you import to Cryptowatch should not be used anywhere else. This allows you to disable them individually should you choose to.
  5. When generating keys, do so in a browser with no extensions installed (or with extensions disabled). An easy way to do this is to use a private browsing setting that disables extensions, like opening a Google Chrome Incognito window.

Errors

There are three possible error states for an API key. If our application determines a key to have an error, it will stop trying to use the key and you will have to replace it with a fresh one.

Invalid Key

This state means the exchange is rejecting your API key as invalid. It's possible the key has been deleted or expired. To resolve this error: Replace the key with a freshly generated one.

Unprivileged Key

This state means the exchange is rejecting your API key as lacking proper permissions. To resolve this error: Replace the key with a freshly generated one, with the permissions required. See the Best Practices for Security section above.

Key Not Exclusive

This state means the exchange is returning nonce errors. A nonce error indicates the key is also being used somewhere else - either by a different application, program, script, or some other means. To resolve this error: Replace the key with a freshly generated one, which you only use for Cryptowatch. This is good practice in general.