How to Safely Manage API Keys with Your Trading Journal
Discover practical guidance on securely creating, storing, and managing API keys within TradeTally’s platform. Protect your trading journal and integrations with these API key best practices.
Understanding API Keys in TradeTally
API keys act as secure credentials that allow external tools and systems to interact with your TradeTally trading journal. They enable programmatic access for activities such as importing trade history or automating journal updates.
In TradeTally, each API key is assigned a specific permission scope: either read-only or read-write. This ensures you can grant the minimum access necessary for your integration or workflow. To further help you distinguish key types, all live API keys are clearly identified with the tt_live_ prefix—making it easy to tell live keys apart from potential test credentials.
Creating API Keys Safely
To generate a new API key in TradeTally, head to the API Key settings page. When creating a key, choose the correct permission scope—select read-only for integrations that don’t need to modify data, and read-write only if absolutely necessary.
For enhanced security, TradeTally allows you to set an expiration date for each key. By choosing a shorter expiration, you reduce exposure in the event a key is compromised. Set the expiration to align with your integration’s needs, and consider renewing keys regularly for maximum protection.
Storing and Handling API Keys Responsibly
When a new API key is generated in TradeTally, it is displayed only once upon creation. Be sure to copy and save it securely at that moment—if you lose it, you’ll need to generate a new one.
Best practices for storing your key include using a password manager or secure vault, avoiding plaintext storage, and never sharing keys via insecure channels. For added reassurance, TradeTally stores only a hashed version of your key, never the raw string—ensuring that your credentials remain protected even within the platform.
Revoking and Rotating Keys When Needed
If an API key is ever exposed or no longer needed, you can revoke it immediately from the API Key settings page. Regularly rotating your keys—by revoking old ones and generating new keys—enhances security and helps prevent unauthorized access. Managing expirations is equally critical; replace expiring keys ahead of time to minimize interruption to any connected tools.
Quick Action: Manage Your API Keys in TradeTally
Ready to review your API credentials? Visit your API Key settings now to check currently active keys, revoke unnecessary access, and update your API key management for better security. Taking just a few minutes to review these settings can help safeguard your trading journal and integrated tools.