Exchange Connection Methods
Two Connection Types
Different exchanges use different authentication methods. Sigma Engine supports both:
| Method | How It Works |
|---|---|
| Linked Signer | Delegate a signing key that can only trade — cannot withdraw. Used by on-chain DEXs. |
| API Keys | Provide an API key + secret with trading permissions only. Used by centralized exchanges. |
Linked Signer
Some exchanges use a delegation model. You authorize a secondary key (the bot's signer) to place orders on your behalf. Your main wallet private key is never shared.
Your Main Wallet (holds funds, can withdraw)
|
| authorizes (one-time signature)
v
Linked Signer (bot's key)
|
| can ONLY: place orders, cancel orders
| CANNOT EVER: withdraw, transfer, or access other users
v
Orders placed to YOUR subaccount only
API Keys
Other exchanges use API key authentication. You create an API key on the exchange with trading permissions only — no withdrawal permissions.
Your Exchange Account (holds funds)
|
| API key created with TRADE-ONLY permissions
v
Sigma Engine (uses key to place/cancel orders)
|
| can ONLY: place orders, cancel orders, read positions
| CANNOT EVER: withdraw, transfer, or modify account settings
v
Orders placed on YOUR account only
Important: Never enable withdrawal permissions
When creating API keys, only enable trading/order permissions. Never enable withdrawal, transfer, or fund movement permissions.
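One way to enforce the trade-only rule before a key is accepted, shown as an added example (not Sigma Engine's own code). The scope names are assumed, normalized labels; each exchange reports permissions under its own names, so a per-exchange mapping onto these labels is also an assumption.

```python
# Added example: fail-closed check that an API key is trade-only.
# Scope names are assumed, normalized labels; each exchange reports its own,
# so a per-exchange adapter would map them onto these before the check.
ALLOWED = frozenset({"place_order", "cancel_order", "read_positions"})
FORBIDDEN = frozenset({"withdraw", "transfer", "modify_account"})


def audit_key_scopes(scopes):
    """Return (accepted, problems) for the scopes an exchange reports."""
    if isinstance(scopes, str):  # tolerate "a,b,c" style responses
        scopes = scopes.split(",")
    seen = {s.strip().lower() for s in scopes if s and s.strip()}
    problems = []
    if not seen:
        problems.append("no scopes reported; cannot prove key is trade-only")
    for scope in sorted(seen & FORBIDDEN):
        problems.append(f"forbidden scope enabled: {scope}")
    # Anything not on the allowlist is rejected too, so a permission the
    # exchange introduces later is never accepted by default.
    for scope in sorted(seen - ALLOWED - FORBIDDEN):
        problems.append(f"unrecognized scope: {scope}")
    return (not problems, problems)


# Constructed sample inputs (not real exchange responses).
SAMPLES = {
    "trade_only": ["place_order", "cancel_order", "read_positions"],
    "withdraw_on": ["place_order", "cancel_order", "Withdraw"],
    "unknown_scope": "place_order, cancel_order, margin_loan",
    "empty": [],
}

if __name__ == "__main__":
    for name, scopes in SAMPLES.items():
        ok, problems = audit_key_scopes(scopes)
        print(f"{name}: {'ACCEPT' if ok else 'REJECT'} {problems}")
```

Running the check again on a schedule, not only at onboarding, catches a key whose permissions were widened on the exchange after it was stored.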
Security Guarantees (Both Methods)
- Non-custodial — We cannot withdraw or move your funds, ever
- Isolation — Each user's credentials are separate; no cross-user access
- Revocable — Revoke access anytime via the exchange's settings
- Encrypted — All credentials encrypted at rest (Fernet AES-128-CBC + HMAC-SHA256)