Reputation: 51
Allow web apps use your crypto trading API keys, but not trust them
I’m thinking about how to give web apps ability to use your crypto exchanges’ API keys safely, so you can get benefit of using those services, but not trust them. The idea I came up with is to create open source browser extensions which can use your keys and sign your trading requests on demand of web app (with your confirmation, of course).
This way, you can view extension’s source code to make sure it does no harm, verify it’s signature and checksum, and only then give it your precious API keys which it would store highly encrypted and locked with your password.
When an app needs to sign a trading request on your behalf, it communicates with browser extension providing it with the required data. Extension asks your confirmation for the operation, signs the request to the exchange and sends it.
What do you think about this approach? Would it make crypto services, which require access to trading APIs, more trusty?
P.S. This could be not only a browser extension, but any kind of service/app/script that you can totally control.
Upvotes: -1
Views: 99
Answers (1)
Reputation: 1033
If the source codes are open sourced, and there are no backdoors, it should be well received.
Crypto Exchanges usually have different API keys for different purposes. Let users choose whether they want to use READ-ONLY, READ and MAKE TRANSACTIONS or even WITHDRAWAL transactions.
Upvotes: 1
Related Questions
- Using API keys in a react app
- How to protect secret keys in Vue3?
- How would a web app get a users roles for an api?
- Securing Private API keys in Javascript Web App
- Secure communication between Web site and backend
- How do you secure your ASP.Net Web API without catering for third parties?
- How to do stateless (session-less) & cookie-less authentication?
- How to make a web API private
- How do I use API keys, and token schemes effectively to secure REST API?
- How to implement HMAC-SHA authentication from scratch?