
Ask HN: Allow web apps to use your crypto trading API keys, but not trust them - whenlambo
I’m thinking about how to give web apps the ability to use your crypto exchanges’ API keys safely, so you can get the benefit of using those services, but not trust them. The idea I came up with is to create open source browser extensions which can use your keys and sign your trading requests on demand of the web app (with your confirmation, of course).
This way, you can view the extension’s source code to make sure it does no harm, verify its signature and checksum, and only then give it your precious API keys, which it would store highly encrypted and locked with your password.
When an app needs to sign a trading request on your behalf, it communicates with the browser extension, providing it with the required data. The extension asks for your confirmation of the operation, signs the request to the exchange and sends it.
What do you think about this approach? Would it make crypto services, which require access to trading APIs, more trusty?
P.S. This could be not only a browser extension, but any kind of service/app/script that you can totally control.
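
The signing flow described in the post above, as an added example that is not part of the original post or any project's code. It assumes Node.js's `crypto` module in place of a browser extension's WebCrypto, an HMAC-SHA256 request signature (exchange schemes vary), and a hypothetical `/api/order` endpoint, policy and function names.

```javascript
// Added example: a local signer that holds the API secret; the web app only ever sees signatures.
const crypto = require('node:crypto');

// Encrypt the API secret under a key derived from the user's password (scrypt + AES-256-GCM).
function sealSecret(apiSecret, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(apiSecret, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt the secret; a wrong password fails GCM authentication and throws.
function openSecret(vault, password) {
  const key = crypto.scryptSync(password, vault.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, vault.iv);
  decipher.setAuthTag(vault.tag);
  return Buffer.concat([decipher.update(vault.ct), decipher.final()]).toString('utf8');
}

// Limits the user sets inside the signer, out of the web app's reach (constructed values).
const POLICY = { allowedPaths: ['/api/order'], maxQuantity: 0.5 };

// The web app submits a request and receives a signature or a refusal, never the secret.
function signRequest(vault, password, request, confirm) {
  if (!POLICY.allowedPaths.includes(request.path)) return { ok: false, reason: 'path not allowed' };
  const qty = Number(request.params.quantity);
  if (!(qty > 0 && qty <= POLICY.maxQuantity)) return { ok: false, reason: 'quantity over limit' };
  // Canonical form (sorted, URL-encoded) so the string the user confirms is exactly what gets signed.
  const pairs = Object.entries(request.params).sort(([a], [b]) => (a < b ? -1 : 1));
  const payload = request.path + '?' + new URLSearchParams(pairs).toString();
  if (!confirm(payload)) return { ok: false, reason: 'user declined' };
  const secret = openSecret(vault, password);
  const signature = crypto.createHmac('sha256', secret).update(payload).digest('hex');
  return { ok: true, payload, signature };
}
```

The `confirm` callback stands in for the extension's confirmation prompt; the allow-list and quantity cap bound what a compromised or malicious web app can get signed even if the user clicks through.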
======
eberkund
Most of these sites provide read only API keys so this is not necessary.

~~~
whenlambo
Sometimes read-only is not enough. For example, online trading bots, trading
platforms (like Coinigy or cryptowat.ch), etc. Users want to use trading
functionality without trusting a third party.

