As a trading platform, we fully understand the trader's doubt and fear about giving access to your exchange accounts via API key. The Bitsgap platform was built by traders for traders, and we put security questions in the first place.
You must be sure that your funds and orders are secured and that no one will get unauthorized access to your Bitsgap account. While we cannot disclose all of our security standards and techniques, we would like to highlight the essential part of it:
All login attempts are secured - if we ever notice your account trying to connect from an unknown device or location, you will receive a confirmation email to authorize access.
Protection from failed login attempts - failed login attempts will result in temporary IP address lockout to prevent password match attacks.
Complex password support - you can use a long and mixed password with a combination of letters, numbers, and symbols.
Two-factor verification - one-time use token to allow authorization to your account. We encourage all users to install the 2FA application on the mobile device as an extra security layout.
Limited access to your API key - you are the one who decides all the settings for your API key. To utilize the Bitsgap platform at full power, we require only access to your trade history, balance view, and trading.
No withdrawal allowed in the permissions - as an extra security measure, whenever you add your API key, we always check if you have restricted the option to withdraw funds. The API key will not be accepted if this option is enabled.
API keys are always hidden in an encrypted format - your password and API keys are always encrypted, and no one except you and your exchange has access to them.
Secure network structure - all user information is stored on a secure network guarded by a strong firewall that no one outside the company can access.
Employees are restricted to the area of their expertise - to eliminate human mistakes and protect our users from inside, every Bitsgap member has a limited right and access to the system based on their job assignments.
Sensitive & account information is never transmitted outside the network - we never share, send or show users' personal information to any 3rd party outside the system.
2FA authorization and internal security audit - all employees must use a strong password and two-factor authorization to access the Bitsgap network.
System & Server
RSA 2048 encryption - the easiest way to explain it is to say that most banks worldwide use 1024-bit encryption. That makes Bitsgap twice as safe as the online bank you are using (To put it in numbers, if a person chooses to "crack" your API key, it will take them over a hundred lifetimes to go through every possible combination).
Encrypted delivery - when you add an API key to Bitsgap, the browser initiates an encryption process on your side and securely delivers your API to our server.