Skip to content
Aegis Docs

API Keys Overview

Aegis executes futures hedges on a centralized exchange using an API key you provide. This page describes what permissions are required, what must be disabled, and how keys are stored.

Permission Matrix

Section titled “Permission Matrix”

The table below shows the required and forbidden permissions for each supported exchange. BingX is not yet live and does not appear in this matrix.

PermissionBinance FuturesHyperLiquid
Read / Account InfoRequiredRequired
Spot TradingRequiredN/A
Futures / Derivatives TradingRequiredRequired
Withdraw fundsDisabled — MUST NOT enableDisabled — MUST NOT enable
Internal transfersDisabled — MUST NOT enableDisabled — MUST NOT enable
Bank / Fiat withdrawalsDisabled — MUST NOT enableN/A

This matrix is consistent with the Aegis Terms of Service, section “API Key Requirements and Security”.

Binance Futures notes:

  • Spot Trading permission is required because Binance API keys are account-wide. The bot uses Futures and Spot endpoints.
  • IP restriction is strongly recommended. Whitelist your bot’s server IP in the Binance API key settings.

HyperLiquid notes:

  • HyperLiquid uses an agent wallet model. You create an agent wallet and authorize it to trade on your behalf. See the HyperLiquid guide for the setup steps.
  • Spot Trading and Bank/Fiat withdrawals are not applicable on HyperLiquid.

Security Model

Section titled “Security Model”

  • Trading-only permissions. Aegis requires only read and trading permissions. Withdrawal, internal transfer, and bank/fiat permissions must be disabled. Aegis cannot withdraw funds from your exchange account.

  • AES-256-GCM encryption at rest. API keys are encrypted with AES-256-GCM inside Aegis infrastructure immediately upon saving. The raw key is not stored in plaintext.

  • Never shown back. After saving an API key, it cannot be retrieved or displayed in the dashboard. If a key is lost or compromised, revoke it on the exchange and add a new one.

  • LP wallet private key — never requested. Aegis never asks for or stores your LP wallet private key or seed phrase. The LP wallet is used read-only for on-chain position scanning only.

  • HyperLiquid agent wallet private key. HyperLiquid’s auth model uses a delegated agent wallet. The agent wallet private key acts as the API secret for trading. Aegis stores it encrypted with AES-256-GCM at rest, never shows it back, and the agent wallet carries no withdrawal or custody permissions. See HyperLiquid API Key for setup details.

Screenshot Convention

Section titled “Screenshot Convention”

Tutorial screenshots for API key setup follow this editorial convention:

  • Asset location: apps/docs/src/assets/api-keys/{binance,hyperliquid}/
  • Format: each screenshot uses AVIF as the primary source and PNG as the mandatory fallback, rendered via <picture> / Astro <Picture> so that browsers that do not support AVIF automatically fall back to PNG.
  • Verification footer: each tutorial page that contains screenshots must include a “Last verified: <date>” line at the bottom, indicating when the screenshots were last confirmed accurate against the live exchange UI.

Next Steps

Section titled “Next Steps”