|
June 23, 2013, 10:35:53 PM |
|
I considered building an app which would allow you to perform trades live from it to BTC-TC, but I decided in the end that the risk just wasn't worthwhile. Bugs that affect trades, people using you as a vector of attack, customer complaints, etc... It just wasn't worth the trouble when there is already a perfectly usable site (BTC-TC itself).
A best practice for any site which does utilize the trade API would be to destroy the oauth credentials immediately after usage, to limit your exposure. This would require the user to authorize with BTC-TC every time they wanted to transfer shares or place a trade order, but would prevent you from accidentally releasing the user's credentials into the wild, or worse, into the hands of someone who would use them maliciously.
|