2 min read

How Your Exchange Keys Are Protected

How Pilotbot stores your exchange API keys — encrypted, never exposed, and unable to withdraw your funds — so automation stays safe.

P

Pilotbot Team

Author

On this page

Handing an exchange key to any tool deserves a hard look. Here's exactly how Pilotbot protects the keys you connect — and why the bot can never move your money.

Your Keys Are Encrypted

Pilotbot stores your exchange API keys encrypted with AES-256, a strong industry-standard cipher. They are decrypted only inside the pricing engine when it needs to talk to the exchange on your behalf — and they are never shown in the interface or shared with anyone.

The Bot Can't Withdraw Your Money

This is the most important safeguard, and it doesn't rely on trust — it's enforced by the exchange:

  • Withdrawal is a separate permission you never enable. Without it, no software — Pilotbot included — can move funds out of your account.
  • The keys Pilotbot uses only allow reading the market and managing your ads, nothing more.

Your crypto stays in your exchange account at all times. See which permissions to enable for the exact list.

Extra Layer: IP Restriction

When you create a key, you can lock it to trusted IPs only and paste in the addresses Pilotbot provides. After that the key works only from Pilotbot's servers — so even if the key text somehow leaked, it would be useless anywhere else.

HTX Is Different — and Also Safe

HTX connects through a browser extension instead of API keys, because HTX has no public P2P API. There too, the bot only reprices and pauses ads — it can never withdraw or move funds. See connecting HTX.

Protect Your Own Login Too

Key safety is one half; your account login is the other. Turn on two-factor authentication or a passkey so only you can reach your dashboard.

Related articles