Connecting exchange accounts

Link your exchange accounts to begin trading and tracking your portfolio on Cryptowatch.

Here you’ll find instructions for connecting your exchange accounts to Cryptowatch. Connecting your accounts enables automatic balance tracking in Portfolio and trading through our interface.

We currently support Portfolio for twelve exchanges and trading on eight exchanges.

Trading and Portfolio Exchanges

Portfolio-Only Exchanges

The method for connecting each exchange is slightly different, but each one uses the “API Keys” standard.

In this standard, exchanges generate a set of keys that can connect your exchange account to Cryptowatch. Once connected, you can place and cancel orders and check your balances from the Portfolio tab.

For exchange-specific directions on connecting to Cryptowatch with API keys, please see Account > Exchange Keys. Read on to learn how to keep your accounts secure while connecting via API keys.

Best Practices for API Key Security

Our security procedures are best-in-class — we have never had a database breach of any kind. All API keys we store are encrypted in motion and at rest, and you can can permanently revoke your keys from our database at any time.

That said, the following tips will help you stay even more secure:

  1. When choosing Key Permissions with your exchange:

    1. Do not grant withdrawal permissions. You only need the following permissions for keys entered in Cryptowatch:

      1. Query your funds, orders, and trades

      2. Open orders

      3. Cancel orders

  2. Do not save or “back up” your API keys. If you need to reconnect Cryptowatch to an exchange for any reason, generate a new key from your exchange.

  3. When generating a key, copy it from the exchange’s website into the Cryptowatch interface and close original tab where you generated it.

  4. If you are using multiple applications that need API keys from your crypto exchanges, generate a fresh set of keys for each application. The key you import to Cryptowatch should not be used anywhere else. This allows you to disable your API keys individually should you choose to.

  5. When generating keys, use a browser with no extensions installed (or with extensions disabled). An easy way to do this is to use a private browsing setting that disables extensions, like a Google Chrome Incognito window.

Errors

There are three possible error states for an API key. If our application determines a key to have an error, it will stop trying to use the key and you will have to replace it with a fresh one.

Invalid Key

This state means the exchange is rejecting your API key as invalid. It's possible the key has been deleted or expired. To resolve this error, generate a new API key to replace the rejected one.

Unprivileged Key

This state means the exchange is rejecting your API key for lacking the proper permissions. To resolve this error, generate a new API key with the correct permissions and replace the rejected one. See the Best Practices for Security section above for the necessary permissions.

Key Not Exclusive

This state means the exchange is returning nonce errors. A nonce error indicates the key is being used somewhere else, either by a different application, program, script, or some other means. To resolve this error, generate a new API key to replace the rejected one. Only use the new key for Cryptowatch — this is good practice in general.