Credentials
Credentials securely store your exchange API keys and secrets. Before connecting a trading account, you must create a credential that Cadenza uses to authenticate with the exchange on your behalf.
Overview
A Credential represents a set of API keys for a specific exchange venue. Credentials are:
- Encrypted at rest - API secrets are never stored in plain text
- Reusable - One credential can be used to connect multiple trading accounts
- Verifiable - Test your API keys before connecting accounts
- Rotatable - Update API keys without disconnecting accounts
Credential Lifecycle
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Create │────▶│ Verify │────▶│ Active │
│ (PENDING) │ │ (VERIFIED) │ │ (in use) │
└─────────────┘ └─────────────┘ └─────────────┘
│
▼
┌─────────────┐ ┌─────────────┐
│ Revoke │◀────│ Rotate │
│ (REVOKED) │ │ (new keys) │
└─────────────┘ └─────────────┘
The Credential Object
| Field | Type | Description |
|---|---|---|
credentialId | UUID | Unique identifier for the credential |
venue | Venue | Exchange venue (e.g., BINANCE, OKX, BYBIT) |
credentialType | CredentialType | Type of credential (EXCHANGE, BROKER) |
nickname | string | Optional display name |
status | CredentialStatus | Current status (PENDING, VERIFIED, REVOKED) |
identities | string[] | Available trading account IDs after verification |
createdAt | timestamp | When the credential was created |
updatedAt | timestamp | When the credential was last updated |
Credential Status
| Status | Description |
|---|---|
PENDING | Credential created but not yet verified |
VERIFIED | Credential verified and ready to use |
FAILED | Verification failed (invalid API keys) |
REVOKED | Credential has been revoked and cannot be used |
Credential Type
| Type | Description |
|---|---|
EXCHANGE | Direct exchange API credentials |
BROKER | Broker/sub-account credentials |
Supported Venues
| Venue | Required Fields | Account Types |
|---|---|---|
BINANCE | apiKey, apiSecret | spot, margin, futures |
OKX | apiKey, apiSecret, apiPassphrase | trading (unified), funding |
BYBIT | apiKey, apiSecret | unified, spot, contract |
COINBASE | apiKey, apiSecret | default |
KRAKEN | apiKey, apiSecret | spot, futures |
See Supported Venues for detailed setup instructions for each exchange.
Next Steps
- Supported Venues - Exchange-specific setup instructions
- Create a Credential - Store your exchange API keys
- Verify a Credential - Test and discover available accounts
- Manage Credentials - List, rotate, and revoke credentials
Security Best Practices
- Use IP Whitelisting - Restrict API keys to Cadenza's IP addresses
- Limit Permissions - Only enable required permissions (trade, read)
- Disable Withdrawals - Never enable withdrawal permissions
- Rotate Regularly - Update API keys periodically
- Monitor Usage - Review credential activity in your exchange dashboard