API Keys & Permissions

API keys are the bridge between Deribook and your exchange accounts. Understanding permissions is critical for security.

Permission Levels

  • Read: View positions, balances, trade history (required by Deribook)
  • Trade: Execute orders (NOT allowed — Deribook rejects these keys)
  • Withdraw: Transfer funds (NOT allowed — Deribook rejects these keys)

Why Read-Only?

Deribook is an analytics platform, not a trading bot. We only need to read your data. Because Deribook accepts only read-only keys, a key that leaks in the worst-case scenario still cannot place orders or withdraw funds.
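
You can apply the same rule yourself before linking a key. The check below is an added example, not Deribook's own code. It assumes the key's scope is a space-separated string of `resource:level` tokens with levels `read`, `read_write` or `none` (the shape Deribit uses for key scopes); the function name, the resource-to-level mapping and the sample strings are constructed for illustration.

```python
# Added example: decide whether an API key scope string is read-only.
# Assumption: scopes are space-separated "resource:level" tokens, where
# level is "read", "read_write" or "none".

# Hypothetical mapping from scope resources to this guide's permission levels.
PAGE_LEVEL = {"trade": "Trade", "wallet": "Withdraw"}


def check_read_only(scope: str) -> tuple[bool, list[str]]:
    """Return (acceptable, reasons); acceptable means read access and no write access."""
    reasons = []
    has_read = False
    for token in scope.split():
        resource, sep, level = token.partition(":")
        if not sep:
            continue  # tokens without a level are ignored by this check
        if level in ("read", "read_write"):
            has_read = True
        if level == "read_write":
            # Any write-capable scope is a rejection, whatever the resource.
            name = PAGE_LEVEL.get(resource, resource)
            reasons.append(f"{name} permission present ({token})")
    if not has_read:
        reasons.append("no read scope: nothing for an analytics platform to read")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample scope strings.
    samples = [
        "account:read trade:read wallet:none",
        "account:read trade:read_write wallet:none",
        "account:read trade:read wallet:read_write",
        "trade:none wallet:none",
    ]
    for s in samples:
        ok, why = check_read_only(s)
        print("ACCEPT" if ok else "REJECT", s, why)
```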

Managing Keys

View your linked keys on the Account Detail page. You can see the label, permissions, and connection status. To update a key, remove the old one and add a new one.

Best Practices

  • Create a dedicated API key for Deribook — don't reuse keys across services
  • Use a descriptive label (e.g., “Deribook Analytics”)
  • Regularly rotate your keys (every 90 days recommended)
  • If you suspect a key is compromised, revoke it immediately on Deribit