Question

How does Sandwich approach API Key Security?

Answer

Sandwich takes API key security seriously and provides several measures to enhance the security of user API keys. Here are the key aspects of Sandwich's approach to API key security:

User Custody: Users have full custody of their API keys. Sandwich allows users to enter their API keys into the app, and the keys are stored in a .keys file on the user's hard drive. Users can manage this file like any other file on their PC, including renaming and moving it.

Local Storage: The .keys file is stored only on the user's machine. Sandwich does not transmit the file or store it on its servers or databases, so there is no server-side copy to fall back on: securing, protecting and backing up the .keys file are solely the user's responsibility.

Encryption: Sandwich encrypts the .keys file with 256-bit encryption, so the API keys are never written to disk in plaintext. A copy of the file is useless on its own; it has to be decrypted with the right key before its contents can be read.

Machine Tied: By default, the .keys file is tied to the machine on which it is created, so it cannot be opened on another machine. This default protects a copy of the file that has left the machine, for example one stolen from a backup or a shared drive. It does not protect against malware or another user that can already run code on the same machine, which is why the system-security advice at the end of this answer still applies.

Password Protection: Users have the option to add a password to their .keys file. Sandwich highly recommends using a strong password comprising a combination of upper and lowercase letters, numbers, and special characters. A password adds a secret that is not stored on the machine, so the file cannot be opened without it even on the machine where it was created.

Exporting API Keys: Sandwich allows users to export API keys from the .keys file into plaintext (.txt) files for convenience. None of the protections above apply to such an export: any person or process that can read the .txt file can use the keys. Users should treat exported files as sensitive, keep them only as long as needed, and delete them afterwards.

In addition to these measures, Sandwich recommends that users further protect their API keys by:

  • Never sharing API keys with anyone.
  • Being selective with API key permissions and granting only what the application actually needs (for example, no withdrawal permission for a key that only needs to trade).
  • Creating separate API keys for different applications, so that permissions can be scoped per application and a single key can be revoked without affecting the others.
  • Utilizing IP whitelisting (allowlisting) if offered by the exchange, so that the key is only accepted from specific IP addresses.

Sandwich emphasizes that the primary security responsibility lies with the user and their PC. It is crucial for users to maintain the security of their computer, safeguard against malware and unauthorized access, and follow best practices for overall system security.