How Your Exchange Keys Are Protected
How Pilotbot stores your exchange API keys — encrypted, never exposed, and unable to withdraw your funds — so automation stays safe.
Pilotbot Team
Author
On this page
Handing an exchange key to any tool deserves a hard look. Here's exactly how Pilotbot protects the keys you connect — and why the bot can never move your money.
Your Keys Are Encrypted
Pilotbot stores your exchange API keys encrypted with AES-256, a strong industry-standard cipher. They are decrypted only inside the pricing engine when it needs to talk to the exchange on your behalf — and they are never shown in the interface or shared with anyone.
The Bot Can't Withdraw Your Money
This is the most important safeguard, and it doesn't rely on trust — it's enforced by the exchange:
- Withdrawal is a separate permission you never enable. Without it, no software — Pilotbot included — can move funds out of your account.
- The keys Pilotbot uses only allow reading the market and managing your ads, nothing more.
Your crypto stays in your exchange account at all times. See which permissions to enable for the exact list.
Extra Layer: IP Restriction
When you create a key, you can lock it to trusted IPs only and paste in the addresses Pilotbot provides. After that the key works only from Pilotbot's servers — so even if the key text somehow leaked, it would be useless anywhere else.
HTX Is Different — and Also Safe
HTX connects through a browser extension instead of API keys, because HTX has no public P2P API. There too, the bot only reprices and pauses ads — it can never withdraw or move funds. See connecting HTX.
Protect Your Own Login Too
Key safety is one half; your account login is the other. Turn on two-factor authentication or a passkey so only you can reach your dashboard.