The Simple Rule
A trading bot normally needs permission to read balances and place trades. It should not need permission to withdraw funds. Keep the API scope narrow, store keys privately, and delete keys you no longer need.
Checklist
- Confirm the URL and support channel before entering any key.
- Disable withdrawal permission.
- Use IP restrictions or subaccounts if the exchange supports them.
- Monitor positions after activation.
- Revoke the key if exposed, unused, or suspicious.
Aurum Setup Links
Research Aurum before funding
Read the evidence file, test the risk calculator, and make the sponsored external link the last click rather than the first impulse.