To trade on a venue, you connect a credential (API key + secret, or OAuth, depending on the venue) on the Exchanges page. Each credential is stored encrypted (AES-256-GCM) and bound to a single user.
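How an AES-256-GCM record can be bound to one user, as an added Go example (not LucraX's code): the user ID is passed as GCM additional authenticated data, so a record opened under any other user ID fails authentication. Using the user ID as AAD, the nonce-prefixed record layout, and the names `newGCM`, `sealCredential` and `openCredential` are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func newGCM(key [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:]) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCredential returns nonce || ciphertext || tag, with userID as AAD (assumed layout).
func sealCredential(key [32]byte, userID string, secret []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, secret, []byte(userID)), nil
}

// openCredential fails if the record was altered or userID is not the sealing user.
func openCredential(key [32]byte, userID string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n+gcm.Overhead() {
		return gcm.Open(nil, sealed[:n], sealed[n:], []byte(userID))
	}
	return nil, errors.New("sealed record too short")
}

func main() {
	var key [32]byte // constructed all-zero demo key; a real key comes from a KMS or HSM
	sealed, _ := sealCredential(key, "user-1001", []byte("constructed-api-secret"))
	_, err := openCredential(key, "user-2002", sealed)
	fmt.Println("open under a different user ID rejected:", err != nil)
}
```

The user ID is authenticated but not encrypted, so it can sit in a plaintext column next to the sealed record.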
Steps
- Generate API keys at the exchange. Use a key with trading permission but without withdrawal permission. We never need withdrawal.
- Paste into the Add credential dialog. Select live or demo.
- The verify step calls the exchange's account endpoint and confirms the keys work.
- After verification the credential is available to bind to a strategy.
Per-venue specifics
| Venue | Connect via | Demo |
|---|---|---|
| Binance Futures | API key + secret | Testnet keys |
| ByBit | API key + secret | Testnet keys |
| BitMEX | API key + secret + passphrase | Testnet keys |
| Hyperliquid | API key + secret | Testnet keys |
| LNMarkets | API key + secret + passphrase | None (live only) |
| Interactive Brokers | Gateway (per-user) | Paper account |
| Tradovate | OAuth | Demo account |
| TradeStation | OAuth (PKCE) | SIM account |
See the per-venue article under Supported venues for the specific quirks.
What you never share
- Withdrawal permission.
- Account-level admin keys.
- 2FA codes (we don't ask).
Pitfalls
- IP whitelist: some venues let you restrict the API key to a specific IP. LucraX's outbound IPs vary across infrastructure; use an unrestricted key or contact us for the current IP list.
- Master vs sub-account: prefer a sub-account key per strategy or use case. It is easier to revoke without affecting other strategies.
