Is CryptoIndexBot Safe? Security & API Keys Explained

Security is foundational to how CryptoIndexBot works. Here's what you should know.

Non-custodial by design

CryptoIndexBot never holds your funds. Your crypto stays in your own exchange account at all times. The bot connects through your exchange's API to place trades on your behalf — that's it.

Trade-only API keys

When you connect an exchange, you create an API key with trade permission enabled and withdrawal permission disabled. This means CryptoIndexBot can rebalance your index but can never withdraw or transfer your funds. You can revoke the key on your exchange at any time.

Your account

• Passwords are stored using strong one-way hashing — we never see your plaintext password.
• Connections are encrypted over HTTPS.
• You can enable two-factor authentication for an extra layer of protection.

Best practices

• Disable withdrawals on any API key you create for trading bots.
• Use a dedicated API key so you can revoke it independently.
• Keep your account email secure and enable 2FA.

Learn how to set up your keys in How to Connect Your Exchange.