Security

Generate or view your API key and turn on two-factor authentication to protect your accounts.

Master password · Two-factor login · Encrypted at rest
In short

Your API key is a secret key that authenticates every API function call, so treat it as the master password for all of your trading accounts. The system creates one when you register; you can view or re-generate it after entering your AutoTrader login password. For extra safety, turn on two-factor authentication (2FA), which asks for a 6-digit code from an authenticator app at login and when viewing or editing account credentials.

API Key

Menu: Settings → Security. This screen is labelled Security in the menu — there is no separate “API Keys” menu. Your API key and two-factor login both live here.

This is a secret key which is used for authentication of API function calls. You can think of this as the master password for all of your trading accounts.

This key should be kept secret and must not be shared with anyone.

  • By default, the system creates an API key when you register.
  • Access your API key.
  • If your API key is compromised, you can always re-generate it using the Re-generate button.
  • To view your existing API key, click the View button.
  • Note: you must enter your AutoTrader login password for the above actions.

The key is saved in an encrypted format in our database, so even our support staff cannot read it. To learn more, see Security Concerns.

Two-Factor Authentication (2FA)

2FA is an extra security layer. It uses a time-based 6-digit code generated by an authenticator app, such as Google Authenticator or Authy.

There are two types:

  • Login 2FA — Requires a one-time 6-digit code from your authenticator app (Google Authenticator, Authy, etc.) each time you sign in.
  • Credentials 2FA — Adds a “step-up” challenge whenever you view or edit your trading account API credentials. You’ll be prompted for a one-time 6-digit code from your authenticator app before any sensitive credential data is shown.

How it works

  1. You enable 2FA in Settings → Security.
  2. Scan the displayed QR code (or manually enter the secret) into your authenticator app.
  3. Each time you log in, after entering your username and password, you’ll be prompted to enter the current 6-digit code.
  4. This code changes every 30 seconds, making unauthorized access even harder, even if someone knows your password.
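
How the 6-digit code in the steps above can be derived and checked, as an added example that is not AutoTrader's own code. It assumes the standard RFC 6238 TOTP scheme (HMAC-SHA1, 30-second step) that Google Authenticator and Authy implement; `TotpVerifier`, its drift window and the sample secret are illustrative names and values, not taken from this page.

```python
import base64, hashlib, hmac, struct, time

STEP = 30     # seconds each code is valid for, as stated on this page
DIGITS = 6    # code length, as stated on this page
# Constructed sample: the published RFC 6238 test key, not a real account secret.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """Return the RFC 6238 code for Unix time `at` (assumed HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", int(at) // step)       # number of elapsed steps
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpVerifier:
    """Server-side check: tolerates small clock drift and refuses replayed codes."""

    def __init__(self, secret_b32, drift_steps=1):
        self.secret = secret_b32
        self.drift = drift_steps
        self.last_used_step = -1    # highest time step already accepted

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        current = int(now) // STEP
        for step in range(current - self.drift, current + self.drift + 1):
            if step <= self.last_used_step:
                continue            # single use: never accept the same step twice
            expected = totp(self.secret, step * STEP)
            if hmac.compare_digest(expected, str(code)):   # constant-time compare
                self.last_used_step = step
                return True
        return False

if __name__ == "__main__":
    verifier = TotpVerifier(SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, time.time())
    print("current code:", code)
    print("first use accepted:", verifier.verify(code))
    print("replay accepted:", verifier.verify(code))
```

The secret shown in the QR code is the only input besides the clock, so anyone who obtains it can generate valid codes; store it with the same care as the API key.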

Why should you use it?

  • It is a simple yet powerful way to protect your account from unauthorized access.
  • It is especially helpful if you share your login with staff. 2FA ensures they cannot log in without the code from your personal device.
  • It enhances account safety, aligning with best practices beyond standard username and password security.


Last updated 21 June 2026