로그인
← All guides

🔗 Connecting Your Exchange API (Automatic Alerts)

~6 min read · For reference, not a prediction

What is API connection?

Baro can track your positions in two ways: (1) you enter the entry price and direction by hand, or (2) you connect an exchange API so Baro reads your actual positions automatically.

Connecting the API means handing Baro a 'read-only key' once. After that, Baro checks your exchange positions for you every 2–3 minutes and pings you on Telegram whenever it spots a risk signal. No more entering everything by hand.

This is a premium feature. → It's easier to follow if you read 'How to Use Baro' and 'How to Trade Futures' first.

Why connecting is worth it

  • Automatic tracking: it reads your actual positions as-is, so you never have to type in an entry price by hand.
  • Risk alerts: if you get close to liquidation, run too much leverage, or your losses grow large, it pings you instantly on Telegram. You won't miss it even when you're away.
  • Multiple exchanges at once: you can monitor HyperLiquid, Binance, Bybit, OKX, Bitget, Gate, and KuCoin together.
  • A safe scope: because it's read-only, Baro can only 'look at' your balance. It cannot place orders or make withdrawals.
💡 The alerts are for reference only. They help you notice risk sooner — they don't trade for you or stop a liquidation. You still have to act on it yourself, directly on the exchange.

Why is a read-only key safe?

When you create an exchange API key, you get to choose its permissions. All you need to give Baro is a 'read-only' key — one that can read your balance and positions but has no order or withdrawal permission.

Nervous about entering a key? Here's how Baro stores it. The moment you enter it, it's encrypted with Google Cloud KMS and saved, so only the ciphertext lives in the database. The plaintext key is unsealed in memory only for the instant an isolated 'read-only' server queries your positions, then immediately discarded (never written to logs either). The storage side and the decryption side have separate permissions, so even if an operator opens the database, all they see is ciphertext. And Baro's code has no order or withdrawal capability at all, so even if something went wrong, all this key could ever do is 'read.'

  • Baro accepts read-only keys only. Don't enter a key that has withdrawal or trading permission.
  • Keys are stored encrypted (never in plaintext). Decryption happens only inside the isolated query server.
  • Baro's code has no path that executes an order or withdrawal at all. So even if a key leaked, no one could move money with it (it's read-only, so the exchange refuses).
⚠️ You are absolutely NOT entering your seed phrase (recovery phrase) or your exchange login password. You create a 'new API key' on the exchange with withdrawal and trading permissions turned off, and you enter only that API Key and Secret. Never enter your seed phrase or password anywhere — to anyone, Baro included.

Connecting HyperLiquid (easiest · no key needed)

HyperLiquid doesn't even need an API key. Just enter your wallet address and you're done (a wallet address is public information).

  1. Open Position AlertsIn the Baro sidebar, tap 'Position Alerts' (premium).
  2. Connect TelegramTap the 'Open Telegram bot and connect' button, hit Start in the bot, and you're connected.
  3. Enter your wallet addressPaste the 0x… wallet address you use on HyperLiquid and save — that's it. It's checked automatically every 2–3 minutes.

Creating and connecting a CEX (centralized exchange) API key

For centralized exchanges like Binance, Bybit, OKX, Bitget, Gate, and KuCoin, you create a read-only API key and enter it. The screens differ a little from exchange to exchange, but the flow is the same.

  1. Create a new API key on the exchangeExchange app/web → 'API' or 'API Management' menu → create a new key.
  2. ★Permissions: 'read-only' only★Turn on Read permission only, and be sure to turn OFF 'Trade' and 'Withdraw.' Never create a key with withdrawal permission enabled.
  3. Copy the API Key and SecretOnce created, you'll see an API Key and a Secret. The Secret is shown only once, so copy it then. On OKX, Bitget, and KuCoin you also set a Passphrase.
  4. Enter it in BaroPosition Alerts → under 'Other exchange (read-only API key),' pick the exchange, paste the Key and Secret (and Passphrase if required), and tap 'Connect this exchange.'
  5. Done — automatic checksOnce connected, it checks that exchange's positions automatically every 2–3 minutes too, and alerts you when there's risk. You can connect multiple exchanges at the same time.
⚠️ When you create the key, double-check that withdrawal and trading permissions are turned off. And if the exchange offers an 'allowed IP for the API key' option, locking it to only the listed IP makes it even safer (Baro will soon publish a fixed IP for this).
💡 If a screen asks what kind of key you want, choose 'System generated' (HMAC) — it's the simplest method, giving you an API Key and Secret right away, and it's what Baro uses. 'Self-generated' (RSA/Ed25519) requires you to create the key pair yourself, so it's for advanced users.
⚠️ ★Binance is the one exception.★ On Binance, to turn on 'read futures positions' you have to enable 'Enable Futures,' which also grants futures 'trading' permission (you can't turn off read alone). So for a Binance key: ① be sure to turn off Withdrawals and spot trading, and ② if possible, use 'Restrict access to trusted IPs' to limit allowed IPs to the IP Baro provides. (If you only want to see your spot balance, enabling just Reading gives you a truly read-only key.) On Bybit, OKX, Bitget, Gate, and KuCoin you get a clean 'read-only' key that reads futures positions without any trading permission.
  1. BinanceTop-right profile → Account → API Management. (The 'API' in the top menu is the developer docs page, so you can't create a key there.) → Create API → System generated.
  2. BybitTop-right account → API → New Key → select 'Read-Only' + Positions read access.
  3. OKXProfile → API → create key → permission 'Read' only (Trade and Withdraw off) + set a Passphrase.
  4. Bitget / Gate / KuCoinAPI Management menu → new key → read-only permission + (a Passphrase on Bitget and KuCoin). Withdrawal and trading off.

Safety checklist

  • ✅ Read permission only — Trade and Withdraw turned off
  • ✅ Enter only the newly created API Key and Secret, not your seed phrase or login password
  • ✅ If anything seems off or you stop using it, delete that API key on the exchange (you can do this anytime)
  • ✅ Alerts are for reference only — act on them yourself, directly on the exchange
This is a premium feature. If this is your first time signing up for an exchange, start with the 'How to Sign Up for an Exchange' guide.