Launch Web Trader
Close
Launch Web Trader
Launch Web Trader
View Categories

8.7 Updating or Rotating API Keys

2 min read

Keeping your API keys secure is one of the most important responsibilities you have when trading through Flows.Trading. API keys are the bridge between your trading platform and your exchange accounts — they authorize access to balances, allow order placement, and synchronize your activity.

Just like changing passwords, regularly rotating your API keys dramatically reduces the risk of unauthorized access. Key rotation also ensures you stay aligned with your broker’s security updates and maintain a clean, stable connection to Flows.Trading.

This page explains when to rotate your API keys, how to do it safely, and best practices for minimizing risk and downtime.

When Should You Update API Keys? #

1. As a Security Best Practice #

Rotating your API keys every few months (recommended: quarterly) is a simple but effective way to:

  • Limit exposure if a key is ever leaked without your knowledge

  • Stay aligned with the latest security standards from your exchange

  • Reduce the long-term risk of unauthorized access

2. After Any Security Concern #

You should rotate your keys immediately if:

  • You suspect your key may have been leaked

  • You detect unusual API activity

  • Your computer, browser, or network might have been compromised

3. After Modifying Permissions #

If you changed permissions on your broker’s platform (e.g., enabling order placement), a new key may be required to ensure Flows.Trading uses the latest configuration.

4. After Exchange Account Updates #

Changes on the broker side may invalidate existing keys, especially:

  • Password resets

  • Security upgrades

  • 2FA or account recovery events

How to Rotate API Keys Safely (Step-by-Step) #

The goal is to replace your old keys without interrupting your trading, losing data, or breaking the connection.

Step 1 — Generate New Keys on Your Broker #

  1. Log into your broker or exchange.
  2. Navigate to API Management.
  3. Create a new API key with the same required permissions as the old one.
  4. Leave the old key active during the transition to avoid downtime.

✔️ Tip: Copy the new Key + Secret securely and store them in a safe location.

Step 2 — Update the Keys in Flows.Trading #

  1. Go to Settings → Brokers.
  2. Select the broker you’re updating.
  3. Replace the old Key + Secret with the new ones.
  4. Click Update or Save.

Flows.Trading will automatically refresh your broker connection using the new keys.

Step 3 — Test the Connection #

After updating, always confirm that everything works normally:

  1. Ensure the connection status shows Connected.
  2. Verify that your balance displays correctly.
  3. Check symbol availability and positions.
  4. Place a small test order (market or limit) to confirm order execution.

Step 4 — Deactivate the Old Keys #

Once the new key is fully tested:

  1. Log back into your broker.
  2. Go to API Management.
  3. Delete or disable the old key.
  4. Confirm your Flows.Trading connection remains stable.

Your rotation is now complete.

Rotation Best Practices #

Perform Updates During Quiet Market Hours #

  • Prefer weekends or late evenings

  • Avoid rotating keys during volatile markets

  • Never rotate keys while you have important open positions

Test Everything Thoroughly #

Before markets become active:

  • Verify balance synchronization

  • Test order placement, modification, and cancellation

  • Confirm historical trade syncing into your Journal

Document Your Key Management #

  • Keep a simple log of rotation dates

  • Track which keys are currently active

  • Note changes made to permissions

Monitor Performance After Rotation #

  • Watch for connection drops or API errors

  • Check the broker’s API logs for unusual activity

  • Ensure orders execute as expected

Important Security Reminder #

Even with perfect platform security, your account is only as safe as your environment.

You are responsible for maintaining a secure device and network, including:

  • Updated operating system

  • Reliable antivirus protection

  • Avoiding public Wi-Fi

  • Strong passwords and 2FA activated on your broker

If your computer is infected, compromised, or improperly secured, your API keys may be at risk, regardless of where you use them. Always follow cybersecurity best practices to protect your funds.

What are your Feelings