API Key Safety

Required Permissions Only

When creating an API key for Schduler, enable only Read and Trade permissions. Do not enable Withdrawal, Transfer, or any fund-movement permissions.

Never Enable Withdrawal

Schduler does not require withdrawal access. If a setup guide or any party asks you to enable withdrawal permissions for Schduler, do not proceed. Contact Schduler through the official channel immediately.

IP Whitelisting (Recommended)

Where your exchange supports IP whitelisting for API keys, restrict the API key to Schduler's IP addresses. This reduces the risk of unauthorized use if the key is exposed.

Keep API Keys Private

• Never share API keys in chat, email, or screenshots.
• Never paste API keys into unofficial forms or websites.
• Store API keys in a secure location.
• Do not use the same API key for multiple services.

If Your API Key Is Compromised

Revoke the API key immediately from your exchange account. Create a new API key with correct permissions only. Notify Schduler through the official contact method. Review your exchange account for unauthorized activity.

Seed Phrases and Passwords

Schduler will never ask for your seed phrase, wallet recovery phrase, or exchange password. If anyone claiming to be Schduler asks for these, it is not Schduler.