Here you’ll find instructions for connecting your exchange accounts to Cryptowatch. Connecting your accounts enables automatic balance tracking in Portfolio and trading through our interface.
*Margin trading supported
The method for connecting each exchange is slightly different, but each one uses the “API Keys” standard.
In this standard, exchanges generate a set of keys that can connect your exchange account to Cryptowatch (similar to a crypto wallet's public and private keys). Once connected, you can place and cancel orders and check your balances from the Portfolio tab.
For exchange-specific directions on connecting to Cryptowatch with API keys, please see Account > Exchange Keys. Read on to learn how to keep your accounts secure while connecting via API keys.
The following articles walk you through connecting Cryptowatch to these major exchanges:
Our security procedures are best-in-class — we have never had a database breach of any kind. All API keys we store are encrypted in motion and at rest, and you can can permanently revoke your keys from our database at any time.
That said, the following tips will help you stay even more secure:
When choosing Key Permissions with your exchange:
Do not grant withdrawal permissions. You only need the following permissions for keys entered in Cryptowatch:
Query your funds, orders, and trades
Do not save or “back up” your API keys. If you need to reconnect Cryptowatch to an exchange for any reason, generate a new key from your exchange.
When generating a key, copy it from the exchange’s website into the Cryptowatch interface and close original tab where you generated it.
If you are using multiple applications that need API keys from your crypto exchanges, generate a fresh set of keys for each application. The key you import to Cryptowatch should not be used anywhere else. This allows you to disable your API keys individually should you choose to.
When generating keys, use a browser with no extensions installed (or with extensions disabled). An easy way to do this is to use a private browsing setting that disables extensions, like a Google Chrome Incognito window.
There are three possible error states for an API key. If our application determines a key to have an error, it will stop trying to use the key and you will have to replace it with a fresh one.
This state means the exchange is rejecting your API key as invalid. It's possible the key has been deleted or expired. To resolve this error, generate a new API key to replace the rejected one.
This state means the exchange is rejecting your API key for lacking the proper permissions. To resolve this error, generate a new API key with the correct permissions and replace the rejected one. See the Best Practices for Security section above for the necessary permissions.
This state means the exchange is returning nonce errors. A nonce error indicates the key is being used somewhere else, either by a different application, program, script, or some other means. To resolve this error, generate a new API key to replace the rejected one. Only use the new key for Cryptowatch — this is good practice in general.
The exact cause of the error is undefined by Cryptowatch. This error message could result from a variety of issues, such as a typo in the API key (always copy/paste), or mismatching API and secret keys. Try entering your API keys again — if the error returns a second time, delete the keys and generate new ones.