As a trading platform, we fully understand the trader's doubt and fear about giving access to your exchange accounts via API key. The Bitsgap platform was built by traders for traders, and we put security questions in the first place.
You must be sure that your funds and orders are secured, and no one will get unauthorized access to your Bitsgap account. While we cannot disclose all of our security standards and techniques, we would like to highlight the essential part of it:
All login attempts are secured - if we ever notice your account trying to connect from an unknown device or location, you will receive a confirmation email to authorize access.
Protection from failed login attempts - failed login attempts will result in both an account and API temporary lockout to prevent password match attacks.
Complex password support - you can use a long and mixed password with a combination of letters, numbers, and symbols.
Two-factor verification - one-time use token to allow authorization to your account. We encourage all users to install 2FA application on the mobile device as an extra security layout
Limited access to your API key - you are the one who decides all the settings for your API key. To utilize the Bitsgap platform at full power, we require only access to your trade history, balance view, and trading.
No withdrawal allowed in the permissions - as an extra security measure, whenever you add your API key, we always check if you have restricted the option to withdraw funds. If this option is enabled then the API key will not be accepted.
API keys always hidden in an encrypted format - your password and API keys are always encrypted, and no one except you and your exchange have access to them.
Secure network structure - all user information stored on a secure network guarded by a strong firewall, that no one outside of the company has access to it.
Employees are restricted to the area of their expertise - to eliminate human mistakes and protect our users from inside; every Bitsgap member has a limited right and access to the system based on their job assignments.
Sensitive & account information is never transmitted outside the network - we never share, send or show user's personal information to any 3rd party outside of the system.
2FA authorization and internal security audit - all employees are required to use a strong password and two-factor authorization to access the Bitsgap network.
System & Server
RSA 2048 encryption - the easiest way to explain it is to say that the majority of banks worldwide use 1024-bit encryption. That pretty much makes Bitsgap twice as safe as the online bank you are using (To put it in numbers, if a person chooses to "crack" your API key, it will take them over a hundred lifetimes to go through every possible combination).
Encrypted delivery - when you add an API key to Bitsgap, the browser initiates an encryption process on your side and securely delivers your API to our server.