Safety & Security Best Practices
Protect your trading accounts and investments with these essential security guidelines. Your safety is our top priority.
Critical Security Rules
- NEVER share your API keys, private keys, or passwords with anyone - not even support staff
- NEVER give API keys withdrawal permissions - only trading permissions
- NEVER click suspicious links or download files from untrusted sources
- NEVER use the same password across multiple platforms
How to Safely Configure API Keys
API keys connect Rainbow to your exchange account. Follow these steps to ensure maximum security.
Correct API Key Setup
Create a New API Key
Always create a fresh API key specifically for Rainbow. Never reuse existing keys.
Enable ONLY Trading Permissions
Grant only “Spot Trading” or “Futures Trading” permissions. Never enable withdrawal.
✓ Enable: Spot Trading, Read
✗ Disable: Withdrawal, Transfer, Manage
Set IP Restrictions
If your exchange supports it, restrict API key usage to Rainbow's IP addresses only.
Save Secret Key Immediately
Copy your secret key right after creation. It won't be shown again.
Common Mistakes to Avoid
Enabling Withdrawal Permission
This allows anyone with the key to drain your account. Rainbow never needs withdrawal access.
Sharing Keys in Screenshots
Always blur or hide API keys when sharing screenshots for support or social media.
Using Master Account API
Create sub-accounts for trading bots. Never use your main account's API keys.
Not Rotating Keys Regularly
Change your API keys every 3-6 months or immediately if you suspect any compromise.
Storing Keys in Plain Text
Never save keys in emails, notes, or unencrypted files. Use a password manager.
Stay Safe, Trade Smart
Your security is our priority. Follow these guidelines and trade with confidence on Rainbow.