Our Trust & Security Team is committed to providing the most secure experience possible for our customers. Today, we’re announcing the latest measure we’re taking to better protect our API traders.
API keys can provide full access to an account without customers needing to login or provide two-factor authorization. As such, it is important that customers only enable the API on their account when they intend to use it, and that they disable their API keys if they stop using it. Since this is not always the case, we are taking further steps to disable API keys that we determine to be a security risk.
At least once every quarter beginning in September 2020, we’ll perform a review on inactive API keys and API keys that do not have proper security features enabled. We will then notify any customers who have an API key that doesn’t meet our security requirements. Customers will have a period of time following our notification to take action before we disable the API keys on their behalf. Please note that any keys that have been disabled cannot be re-enabled once they are removed.
For customers who want to better secure their API trading, please refer to this Help Center article.