An application programming interface key (API key) is a unique string of alphanumeric characters transmitted as part of an API request that authenticate the source of the API request. API keys can be of two types: Public API key and Private API key.
The API key often acts as both a unique identifier and a secret token for authentication, and will generally have a set of access rights on the API associated with it.
WIKIPEDIAIn very simple words, an
API key identifies you on the service platform that generated the key. (instead of using email and password uses the key to log in)
An API key can be anything and do anything, simply because it depends on what kind of
API generated it, but usually is used for remote access and data tracking.
Likewise crypto wallets, there are public and private API keys with the difference that API keys are more like
tools that adapt based on your needs.
For example, if you want to give access at others to selected data/privileges, you simply need to create a Public API Key which authenticates them to access your account and do nothing more than what you allowed. On the contrary, if you want to give full privileges and access to all data , you would create a Private API Key, which of course should be for your use only.
Another important difference is that API KEYS can be disabled and enabled at will, which is something very handy.
API KEYS IN TRADING:API Keys are very handy when trading, even if you are still trading in
frontend, and know nothing about programming, you should always have a private key enabled and stored securely offline, just in case anything bad happens to the frontend of the exchange and you urgently need to entry/exit a trade or even worst you locked yourself out(2FA rekt)... having the API Key allows you to have a way back in the account via terminal.
Usually exchanges offer the following privileges settings for API Keys:
-
Order ( you can create and cancel orders via key)
-
Cancel (you can
only cancel orders via key)
-
ReadOnly ( you can only read unencrypted data, such as balance/trade history/orders/markets data via key but you can't interact with any)
-
Withdraw ( you can send a withdrawal request which still needs to be confirmed via email)
-
CIDR (useful for ip filtering , read more
here)
API KEYS are also commonly used by big Brokers, Hedge Funds and Quant Shops to safely manage their clients' capitals without having direct access to the funds.
What follows is simple step by step guide on how to setup a Public API Key on Bitmex that can create and cancel orders(aka trading) but without the ability to send withdrawal requests.