
I am developing a crypto portfolio app with Ionic 5 at the moment and I came across the following problem:

I created an API with express.js, which communicates with the APIs of coingecko and binance via the npm packages coingecko-api & node-binance-api.

One of the main functionalities of the app is to see recent trades and the profit of those, so you have to connect to your Binance account. At the moment the API Code & Secret is stored directly in the API, but I want the users to enter these on the initial start of the app. But now the big question is: where do I safely store the key and the secret? I do not want to take any risks.

Do I send them once to the API and store them in a database with a userid? Do I send them to the API every time I want to reload the trades and only store them on the specific device? Or is there a way I can check the permissions of the API details and whether this API key is allowed to place orders, and if not, the app accepts it, otherwise not? (That would be the best way, but I don't know how to check it.)

Also, I came up with the idea that the app communicates directly with the API of Binance, without my API as a 'middleman', but I don't think that's the way to go.

Thanks in advance for the help :)

felixjiricka
  • Binance (and most sites like this) say "Remember to store your Secret Key somewhere safe. It will not be shown again. Due to security reasons, please do not share this key with anyone". Why would you ask users to ignore this warning? – Anon Coward Feb 27 '21 at 01:13
  • There are multiple apps already which connect to Binance, for example in order to load their wallet data, so they also need the API secret and the key - and they need to store it somewhere. But I guess it would be best to store the API credentials on the local device and perform the request directly to the API of Binance without my own API as a "middleman"? – felixjiricka Feb 28 '21 at 14:52
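
The permission check the question asks about, as an added example that is not part of the original post: it builds the signed request and accepts a key only when it is read-only. It assumes Binance's `GET /sapi/v1/account/apiRestrictions` endpoint and its boolean permission flags; `buildRestrictionsRequest`, `evaluateRestrictions` and the sample responses are hypothetical names and constructed data.

```javascript
// Added example. Assumption: Binance's signed endpoint
// GET /sapi/v1/account/apiRestrictions returns boolean permission flags.
const { createHmac } = require('node:crypto');

const BASE_URL = 'https://api.binance.com';
const RESTRICTIONS_PATH = '/sapi/v1/account/apiRestrictions';
// Only flags listed here may be true. Every other enable*/permits* flag,
// including ones this code has never seen, must be false (fail closed).
const READ_ONLY_FLAGS = new Set(['enableReading']);

// Signed request: HMAC-SHA256 over the query string, hex encoded, with the
// key sent in the X-MBX-APIKEY header. The secret itself is never transmitted.
function buildRestrictionsRequest(apiKey, apiSecret, timestamp = Date.now()) {
  const query = `timestamp=${timestamp}`;
  const signature = createHmac('sha256', apiSecret).update(query).digest('hex');
  return {
    url: `${BASE_URL}${RESTRICTIONS_PATH}?${query}&signature=${signature}`,
    headers: { 'X-MBX-APIKEY': apiKey },
  };
}

// Accept a key only if it can read and can do nothing else.
function evaluateRestrictions(body) {
  if (body === null || typeof body !== 'object' || body.enableReading !== true) {
    return { accept: false, reasons: ['enableReading is not true'] };
  }
  const reasons = Object.keys(body)
    .filter((k) => /^(enable|permits)/.test(k) && !READ_ONLY_FLAGS.has(k))
    .filter((k) => body[k] !== false)
    .map((k) => `${k} must be false`);
  return { accept: reasons.length === 0, reasons };
}

// Constructed sample responses (not captured from a real account).
const SAMPLE_READ_ONLY = {
  ipRestrict: false, createTime: 1614384000000, enableReading: true,
  enableWithdrawals: false, enableSpotAndMarginTrading: false,
  enableMargin: false, enableFutures: false,
};
const SAMPLE_TRADING = { ...SAMPLE_READ_ONLY, enableSpotAndMarginTrading: true };

console.log(evaluateRestrictions(SAMPLE_READ_ONLY));
console.log(evaluateRestrictions(SAMPLE_TRADING));
```

Run the check wherever the secret is held, and repeat it before each sync, since a key's permissions can be changed after the app first accepted it.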

0 Answers