chartping

Reference

Read-only API-key support, by exchange.

Chartping connects to 13 exchanges and brokers with a read-only API key. How strictly “read-only” can be proven depends on what each platform’s API allows — but in every case Chartping exposes no order or withdrawal path, so it can’t move your funds. Here’s the honest, per-platform breakdown.

Read-only API-key support for each exchange and broker Chartping connects to.
PlatformRead-only scope provable?Trade/withdrawal key at connectOrder/withdrawal path in Chartping
BinanceYes — key-permission endpointTrade/withdrawal key rejected & never stored; re-checked every pollNone
BybitYes — key-permission endpointTrade/withdrawal key rejected & never stored; re-checked every pollNone
DeribitYes — key-permission endpointTrade/withdrawal key rejected & never stored; re-checked every pollNone
OKXNo — no key-permission endpointAccepted but hard-flaggedNone
KrakenNo — no key-permission endpointAccepted but hard-flaggedNone
KuCoinNo — no key-permission endpointAccepted but hard-flaggedNone
BitgetNo — no key-permission endpointAccepted but hard-flaggedNone
Coinbase InternationalNo — no key-permission endpointAccepted but hard-flaggedNone
Gate.ioNo — no key-permission endpointAccepted but hard-flaggedNone
OANDAN/A — API has no fund-movement primitiveToken used strictly read-only; no order/withdrawal endpoint calledNone
AlpacaN/A — API has no fund-movement primitiveToken used strictly read-only; no order/withdrawal endpoint calledNone
TradierN/A — API has no fund-movement primitiveToken used strictly read-only; no order/withdrawal endpoint calledNone
HyperliquidN/A — watched from your public wallet address (no key)No key to hand overNone

cTrader support is coming soon. Keys are stored encrypted at rest (AES-GCM); on exchanges we can verify, a key that later gains trade rights stops the connection.

Proven & rejected

Binance, Bybit, Deribit — a trade- or withdrawal-capable key is refused at connect and re-checked every poll.

Accepted, hard-flagged

OKX, Kraken, KuCoin, Bitget, Coinbase International, Gate.io— scope can’t be proven, so the key is accepted but flagged. Chartping still exposes no order or withdrawal path.

Read-only by nature

OANDA, Alpaca, Tradier have no fund-movement API; Hyperliquid needs no key at all — it’s watched from a public wallet address.

Frequently asked

Is a read-only Binance API key safe to give Chartping?+

On Binance, Bybit and Deribit, Chartping asks the exchange what the key can do and rejects any key that can trade or withdraw — it is refused at connect and never stored. Keys are held encrypted at rest (AES-GCM).

What if an exchange can't prove a key is read-only?+

On OKX, Kraken, KuCoin, Bitget, Coinbase International and Gate.io there is no endpoint to prove scope, so the key is accepted but hard-flagged. Chartping still exposes no order or withdrawal path, so it can't act on it either way.

Does Chartping ever have withdrawal access?+

No. Chartping exposes no withdrawal path and never calls a withdrawal endpoint on any platform. Broker tokens (OANDA, Alpaca, Tradier) have no fund-movement API, and Hyperliquid is watched from a public wallet address with no key at all.

More on the model: the security page, read-only by design, or exchange monitoring.

Watch every exchange account, read-only.

Join the waitlist — be among the first to know what's happening across every account you trade.

No spam. We'll email you when early access opens. Read-only · we can't touch your funds. By joining you agree to our Terms and Privacy Policy.