I'm working on an execution engine for Kraken and Coinbase. I'm curious about how people here handle the security of their API keys when using automated desks. Is "trading-only" (withdrawals disabled) considered standard enough, or do you implement additional IP-whitelisting as a mandatory layer? I'm trying to optimize the workflow for a private project I'm building. Thanks!
u/Interarea-Assets — 20 days ago