Credentials Management
Authentication into the Broker API can be done through 2 different flows:
- Client credentials (recommended)
- Client Secret
- Private Key JWT
- Legacy flow
Both these flows offer access to expiration dates & fine-grained access control through BrokerDash.
Credentials Expiration
To help enhance the security of your account and integration, all generated credentials can be assigned a specific expiration timeframe. This feature is a critical security control that automatically deactivates a key after a set period, limiting the risk associated with a key being compromised or forgotten.
The following options are available:
- Never
- 1 week
- 30 days
- 90 days
- 6 months
- 1 year
Fine-grained access control
When generating new API credentials, you have the option to define granular permissions using Access Controls. This feature is designed to enhance the security of your integration, while also allowing you to ensure a key only has the access required to perform its designated function.
You can choose from three distinct access control levels:
Read only: Grants permission to view data across all API scopes.
Full access: Grants permission to view and modify data across all API scopes.
Custom: Grants fine-grained, specific permissions for each API scope individually.
Custom Access Controls
Instead of granting universal Read only or Full access, you can specify the access level for each distinct API scope.
For each API scope you can assign one of the following access levels:
Read & Write: Grants full permission to both view and modify data within that scope.
Read only: Grants permission to view data only.
No Access: Completely blocks all endpoints within that scope for this key.
You can choose one of the three custom access level for the following scopes:
- Accounts
- Funding
- Admin
- Crypto
- Rebalancing
- Trading
- Journaling
- Data
- Reporting
- SSE events
Updated about 5 hours ago