Security

Reveal or re-generate your API key and turn on two-factor authentication to protect your accounts.

Master passwordTwo-factor loginEncrypted at rest
In short

Your API key is a secret key that authenticates every API function call, so treat it as the master password for all of your trading accounts. The system creates one when you register. On the Security page you can reveal the key after entering your AutoTrader login password, copy it with one click, or re-generate it if it is ever compromised. The top of the page shows three status tiles — API Key, Login 2FA and Credentials 2FA — so you can see at a glance which protections are on. For extra safety, turn on two-factor authentication (2FA), which asks for a 6-digit code from an authenticator app at login and when viewing or editing account credentials.

The Security page at a glance

Menu: Settings → Security. This screen is labelled Security in the menu — there is no separate “API Keys” menu. Your API key and two-factor login both live here.

The top of the page shows three status tiles: API Key, Login 2FA and Credentials 2FA. Each 2FA tile shows On or Off, so you can see at a glance how protected your account is. Click Manage on a tile to jump to that section.

API Key

This is a secret key which is used for authentication of API function calls. You can think of this as the master password for all of your trading accounts.

This key should be kept secret and must not be shared with anyone.

  • By default, the system creates an API key when you register.
  • The key is shown hidden (masked) on the page. To see it, click Reveal and enter your AutoTrader login password.
  • Once revealed, click Copy to copy the key, or Hide to mask it again.
  • If your API key is compromised, you can always re-generate it. Click Re-generate, then enter your AutoTrader login password in the confirmation. Remember: the old key stops working immediately, so update every program that uses it.
  • Access your API key.

The key is saved in an encrypted format in our database, so even our support staff cannot read it. To know more, please refer to Security Concerns.

Two-Factor Authentication (2FA)

2FA is an extra security layer. It uses a time-based 6-digit code generated by an authenticator app, such as Google Authenticator or Authy.

There are two types:

  • Login 2FA — Requires a one-time 6-digit code from your authenticator app (Google Authenticator, Authy, etc.) each time you sign in.
  • Credentials 2FA — Adds a “step-up” challenge whenever you view or edit your trading account API credentials. You’ll be prompted for a one-time 6-digit code from your authenticator app before any sensitive credential data is shown.

How to turn 2FA on

Click Enable 2FA in the section you want (Login or Credentials). A short 3-step setup opens: Scan → Verify → Done.

  1. Scan. Scan the QR code with your authenticator app. If you cannot scan, copy the secret key shown next to the QR code and enter it in the app by hand. Keep this secret key somewhere safe.
  2. Verify. Type the 6-digit code from the app into the six boxes. The code is checked as soon as you type the last digit. If the code is wrong, try again with the app’s current code — codes change every 30 seconds.
  3. Done. 2FA is now on, and the status tile at the top changes to On.

You can click Cancel at any time before the Verify step completes — 2FA is not turned on until a correct code is verified.

How login works after that

Each time you login, after entering your username and password, you’ll be prompted to enter the current 6-digit code. This code changes every 30 seconds, making unauthorized access even harder — even if someone knows your password.

How to turn 2FA off

  • Login 2FA — click Disable and confirm.
  • Credentials 2FA — click Disable and enter your current 6-digit code to confirm. This stops anyone without your authenticator device from removing the protection.

Why should you use it?

  • It is a simple yet powerful way to protect your account from unauthorized access.
  • It is especially helpful if you share your login with staff. 2FA ensures they cannot login without the code from your personal device.
  • It enhances account safety, aligning with best practices beyond standard username and password security.

Frequently asked questions

I clicked Enable 2FA but did not finish the steps. Is 2FA on now?

No. 2FA turns on only after you enter a correct 6-digit code in the Verify step. If you cancel or close the page before that, nothing changes and you can start again any time.

How do I see or copy my API key?

Open Settings -> Security. The key is hidden by default. Click Reveal, enter your AutoTrader login password, and the key appears. Then click Copy to copy it. Click Hide when you are done.

Next steps

Was this page helpful?

Last updated 14 July 2026