API Keys

API keys connect your bots to your exchange account. Each key provides the bot with the credentials it needs to read market data and execute trades on your behalf.

The API Keys page shows a table of all your managed keys with their label, exchange, market type, masked key, active status, and bot assignment.

Click "Add API Key" to open the dialog. You'll need to provide:

• Label — A descriptive name for this key (e.g. "BitMEX Main", "BTC Perps Key").
• Exchange — The exchange this key belongs to. Currently supported: BitMEX, Bybit, Binance, Kraken, OKX, KuCoin, Deribit, Gemini, Phemex, and WooX.
• API Key — Your exchange API key string.
• API Secret — Your exchange API secret. This is entered once and never shown again. For OKX, combine your Secret Key and Passphrase in this field using the format secret:passphrase.
• Contract Type — Linear (USDT-settled) or Inverse (BTC-settled). This determines how P&L and position sizes are calculated.
• Testnet Mode— Enable to use this exchange's testnet for paper trading with fake funds. See the Testnet Mode section below for details.

After clicking "Add Key", you'll be redirected to the key's configuration page where you can assign trading instruments.

When adding an API key, you can enable Testnet Modeto connect to the exchange's testnet (sandbox) environment instead of the live market. Testnet mode lets you paper trade with fake funds using the exact same strategies, bot infrastructure, and analytics as live trading — only the exchange endpoint changes.

How it works

• The testnet toggle appears in the Add API Key dialog when the selected exchange supports testnet — all 10 supported exchanges have testnet endpoints.
• Testnet keys are visually badged throughout the dashboard for clear distinction from live keys.
• Bots assigned a testnet key connect to the testnet endpoint. All strategy evaluation, analytics, and risk controls operate identically to live trading.
• Testnet mode is set when the key is created and cannot be changed afterwards — testnet and live keys use different credentials.
• Once testnet data exists in your account, a Live / Testnet toggle appears in the sidebar. Use it to switch which data set — live or testnet — is shown on the dashboard, analytics, and trades pages.

When to use testnet

• Validating a new strategy in real-time market conditions before committing capital.
• Learning the platform without financial risk.
• Testing a new exchange integration or configuration.

Limitations

• Testnet liquidity is synthetic and does not reflect real market conditions. Order book depth, fill speed, and slippage will differ from production.
• Some exchanges periodically reset testnet balances. Log in to the exchange's testnet portal to claim new test funds if needed.
• Use testnet for validating connectivity and bot behaviour, not for performance benchmarking.

Each API key has its own configuration page where you manage which instruments the bot can trade. After creating a key, you must add at least one trading asset before the bot can open positions.

• Contract Type — Switch between Linear (USDT) and Inverse (BTC) settlement. Changing this reloads the available instruments. Cannot be changed while the bot is online.
• Trading Assets— Browse available instruments, search by symbol, and add the ones you want the bot to trade. Each asset has its own leverage setting and margin mode, and can be individually enabled or disabled. Where available, the exchange's maximum leverage per symbol is shown alongside the leverage input and enforced on save.
• Margin Mode — Each asset can be set to isolated or cross margin. Isolated margin locks collateral to the individual position, limiting loss to the allocated margin. Cross margin shares collateral across all positions on the account. New assets default to cross. Exchanges that only support cross margin show a fixed label instead of a dropdown. Margin mode cannot be changed while a position is open on that symbol.
• Instrument Data — Price and volume data shown on the configuration page is periodically refreshed from the exchange. A timestamp indicates when the data was last fetched.

Each key has an active/inactive toggle. Only active keys can be assigned to bots. Deactivating a key provides a quick way to temporarily prevent a bot from trading without stopping the bot or deleting the key.

If a key is currently assigned to a bot, deactivating it will prevent the bot from opening new positions but won't affect existing positions — exit rules will continue to function normally.

API keys are assigned to bots on the bot detail page. Key assignment rules:

• Each key can be assigned to only one bot at a time.
• The key must be active to be assignable.
• You cannot change a bot's API key while it has open positions.
• Keys cannot be deleted while assigned to a bot — unassign them first.

Keys must be unassigned from any bot before they can be deleted. When deleting, a confirmation dialog gives you two options:

• Key only — removes the API key but leaves all associated trading data (trades, positions, equity snapshots, signals, and bot events) intact.
• Key + associated data — permanently deletes the key and all its associated data. Check the “Delete all associated data” checkbox to enable this option.

For bulk data management across all keys, see the Settings page.

API key security is critical. Here's how plutarc protects your credentials:

• Encryption at rest — API secrets are encrypted using AES-256-GCM (authenticated encryption). They are never stored in plain text.
• Runtime-only decryption — Secrets are only decrypted in-memory within your dedicated bot instance's process. They never touch disk unencrypted.
• Masked display — The dashboard only shows masked key hints for identification. The full key and secret are never displayed after initial entry.
• Immediate deletion — Keys are permanently deleted upon request or account closure. You can optionally cascade-delete all associated trading data at the same time.