***Never share an seed phrase or security key with anyone.***
What is API syncing?
We have two ways to connect your wallets to CoinTracker for tracking—API sync or CSV import. This guide covers how API syncing works, including what an API key is and how it's used to sync your exchange or wallet data to CoinTracker.
What is an API key?
You can think of an API Key like a password. It stands for Application Programming Interface and it’s a way for an app or website to verify you are who you say you are, and that you have access to data retained within an account. Most cryptocurrency exchanges allow you to generate an API key to share your transaction information with a third-party application like CoinTracker.
Unlike most passwords we use every day, an API key is randomly generated and you are unable to edit it after it's been created. Some API keys can are intended for single-use while others are used to maintain a steady flow of data between two applications.
Why does CoinTracker need my API Key?
When connecting certain exchanges (such as Gemini or Binance), Cointracker will require an API key. We will only ever require read/view access and never write, trade, or transfer access. Approach any application requesting 'write access' with caution.
To illustrate how this digital handshake works, imagine you are connecting your Gemini account to your CoinTracker Account. A read/view access API key will allow Gemini to authorize your ownership and allow your transaction data to sync to CoinTracker in real-time.
The only exception to this is Coinbase—which is integrated through Coinbase’s OAuth2 flow, Uphold, and CoinJar. These integrations connect by having you sign in to your exchange and providing read-only access to your data.
All other exchanges are integrated by creating API keys on the exchange accounts and providing them to CoinTracker. Whenever possible, we ask that you provide only View permissions to these API keys.
Is it secure to sync my wallet via API?
Yes, API technology is very secure, but you must take the necessary precautions to store API key information in a secure location, such as an encrypted file or password manager/vault application. You can always revoke any access to an API key by editing it within the account it was generated from.
As a reminder, CoinTracker will never ask your for a seed phrase or write/trade/transfer access to any exchange or connected wallet. You can learn more about CoinTracker Security Best Practices here.