API Keys — the code that links your account to your wallet

Ehm Sohn
Published in LEVERJ
Jan 25, 2021

When you log into Leverj and try to connect your wallet, a pop-up page asks you if you would like to create a new key, or use an existing one. What is the key that I am asked to make, and why is it necessary?

TL;DR

  • The key is an API key which links your Gluon Plasma sidechain account to your wallet
  • The key is stored in a cache on your browser and even if compromised, the funds in your wallet cannot be accessed
  • Producing a key will cost you ~0.002 ETH ($7 in Jan 2021)
  • You only need to make one key for Leverj, although making more than one is also okay
  • For better security, download your key to your computer/hard disk, just in case your browser cache is wiped clean
  • Losing a key and being forced to create a new one will not endanger your funds

Simple Answer

Basically, the API key is specific to the Leverj website/Gluon Plasma sidechain and connects your Ethereum wallet with your account on Leverj WITHOUT providing data/custody of your funds. Your API key simply allows you to trade on the exchange.

Think of this key in a similar way to the details that your bank must use in order to allow you to log in to their site. Obviously, if you have accounts with two separate banks, you could use the same passwords to get into both bank accounts, but the two banks would use completely different systems to analyse your login details. Suppose a bank, let’s call it Bank A, uses basic credentials like a username and password and supplements them with a 2FA confirmation to allow you access. These credentials and 2FA codes are specific to Bank A. You would not be able to access an account in another bank, say Bank B, using these same credentials.

Similarly, your API key is unique to Leverj. You do not have to be concerned about losing custody of your coins because your main Ethereum account maintains custody at all times. You and only you as the user have access to the private key for the main Ethereum account.

That being said, you can produce multiple keys for Leverj if you wish. These are stored in your browser cache and are activated automatically; if a pop-up appears to check, you can choose “existing key” when you log in. API keys are also downloadable and can be saved to a hard disk.

Downloading API key

In case your browser cache is wiped, and to avoid having to fork out more ETH for a new API key, we recommend downloading your API key to a hard drive. Follow the steps below to secure your API key upon entering the Leverj site.

  1. Navigate to the Leverj wallet page. On the top right above the Gluon balance, you can see a heading in bright white lettering that says “Gluon Plasma”. Under this heading is a downward arrow with two sets of 4 digits separated by two dots beside it. To download your API key, simply click on the downward arrow. Note: if you hover above the arrow, a pop-up will appear that says “Download api key file”.
  2. Choose where you would like to store the file itself, and proceed as with any other type of file download. In the future, if your browser cache is deleted or compromised, you will be able to log onto Leverj by locating your API key from its saved location.

The API key is downloaded in .json format, and the file is named automatically: the name is made up of the first 6 digits of your Ethereum wallet address and the first 6 digits of your API key, separated by a dash. You may rename your .json file to a more memorable moniker if you wish, without compromising the file. If you open your API key file, you will see that it contains three pieces of data, as follows.

  1. Your wallet address (“accountID” 42-digit string)
  2. Your API key (“apiKey” 42-digit string)
  3. Your secret key (“secret” 66-digit string)
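
A check you could run over the downloaded backup, given here as an added example (not Leverj's code): it confirms the three fields have the lengths listed above, flags a file that other users on the machine can read, and summarises the file without printing the secret. It assumes the values are 0x-prefixed hex and POSIX file permissions; the function names and the sample file are constructed for illustration.

```python
import json
import os
import re
import stat

# Assumption: values are 0x-prefixed hex, which matches the 42- and
# 66-character lengths the article gives for the three fields.
FIELDS = {"accountID": 42, "apiKey": 42, "secret": 66}
HEX = re.compile(r"0x[0-9a-fA-F]+")


def check_backup(path):
    """Return a list of problems with a key file (POSIX permission bits)."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # readable or writable by group/others
        problems.append(f"permissions {mode:o} are too open; use 600")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except ValueError:
        return problems + ["file is not valid JSON"]
    if not isinstance(data, dict):
        return problems + ["top-level JSON value is not an object"]
    for name, length in FIELDS.items():
        value = data.get(name)
        if not isinstance(value, str):
            problems.append(f"{name}: missing or not a string")
        elif len(value) != length or not HEX.fullmatch(value):
            problems.append(f"{name}: expected {length}-character hex string")
    return problems


def redacted(path):
    """Summarise the file for logs without exposing the secret."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return {k: (str(v)[:6] + "..." if k != "secret" else "<redacted>")
            for k, v in data.items()}


def write_sample(directory, mode=0o600, secret_len=64):
    """Write a constructed (not real) key file for demonstration."""
    sample = {"accountID": "0x" + "ab" * 20, "apiKey": "0x" + "cd" * 20,
              "secret": "0x" + "ef" * (secret_len // 2)}
    path = os.path.join(directory, "sample-key.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
    return path
```

An empty list from `check_backup` means the file has the expected shape and is readable only by its owner.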

Why use an API key?

Not many protocols use an API key to handle login and the interaction between your wallet and the site, so why use one?

A frictionless environment

The answer lies in Leverj’s mission to create a frictionless environment for trading on a DEX. Typically, when trading on a DEX, whether you are buying, selling or adding margin to your trades, you will have to sign off on the action through your wallet. When speed is of the essence, you don’t want to be constantly interrupted by pesky pop-ups asking for authorization. The API key seamlessly interacts with your wallet once you are on the Gluon Plasma chain, and you only have to authorize hopping on and off the sidechain. An added benefit of using an API key is that if you wish to entrust a hedge fund or professional to trade on your behalf, you can give them access to your API key without handing over your private key and compromising your main Ethereum wallet funds.

Security-wise

In line with Leverj’s self-custodial design, funds are never compromised. Even if a potential scammer/hacker did have access to the API keys, they still would not have access to your underlying wallet data. The worst they could do (providing they somehow gained access to your computer and logged in successfully) is trade on Leverj with the money in your spot or futures wallet. You are also the only one who controls the secret to the API key. The exchange never sees it, EVER.

If you do lose your API key and cannot recover it, do not panic: with a small amount of ETH (~0.002) you can create a new one and still access your funds on the exchange.

To be clear, losing your API key and having to download a new one does not endanger the funds in your wallet, or affect access to your funds stored on the Gluon Plasma sidechain. Your Ethereum account always has full control over the funds deposited to Gluon and can sign deposit/withdrawal transactions only with your authorization.

The Gluon wallet API key can only sign transactions to trade or transfer assets on Gluon, so it never compromises your Ethereum wallet at all. As mentioned above, you should keep a secure backup of your API key; however, it is always possible to register new keys for trading under your Ethereum account.

In conclusion:

Leverj’s API key is designed to improve security and improve the overall user experience. Although the API key interacts seamlessly from your browser, we recommend downloading the key to a hard drive for backup.

Please keep in mind

US Persons are not allowed to trade on Leverj. Users from sanctioned countries or Specially Designated Nationals (SDN) as per OFAC are also not allowed to use the system.

Before you trade, please make sure you are legally permitted to trade cryptocurrencies, derivatives, and any other instruments offered on this platform from your home jurisdiction.

Nothing in this article constitutes an offer, solicitation, or investment advice. The content is for educational purposes only. Images and screenshots may be from our test environments and do not represent data on the live system.
