🔗 Connecting Your Exchange API (Automatic Alerts)
~6 min read · For reference, not a prediction
What is API connection?
Baro can track your positions in two ways: (1) you enter the entry price and direction by hand, or (2) you connect an exchange API so Baro reads your actual positions automatically.
Connecting the API means handing Baro a 'read-only key' once. After that, Baro checks your exchange positions for you every 2–3 minutes and pings you on Telegram whenever it spots a risk signal. No more entering everything by hand.
This is a premium feature. → It's easier to follow if you read 'How to Use Baro' and 'How to Trade Futures' first.
Why connecting is worth it
- Automatic tracking: it reads your actual positions as-is, so you never have to type in an entry price by hand.
- Risk alerts: if you get close to liquidation, run too much leverage, or your losses grow large, it pings you instantly on Telegram. You won't miss it even when you're away.
- Multiple exchanges at once: you can monitor HyperLiquid, Binance, Bybit, OKX, Bitget, Gate, and KuCoin together.
- A safe scope: because it's read-only, Baro can only 'look at' your balance. It cannot place orders or make withdrawals.
Why is a read-only key safe?
When you create an exchange API key, you get to choose its permissions. All you need to give Baro is a 'read-only' key — one that can read your balance and positions but has no order or withdrawal permission.
Nervous about entering a key? Here's how Baro stores it. The moment you enter it, it's encrypted with Google Cloud KMS and saved, so only the ciphertext lives in the database. The plaintext key is unsealed in memory only for the instant an isolated 'read-only' server queries your positions, then immediately discarded (never written to logs either). The storage side and the decryption side have separate permissions, so even if an operator opens the database, all they see is ciphertext. And Baro's code has no order or withdrawal capability at all, so even if something went wrong, all this key could ever do is 'read.'
- Baro accepts read-only keys only. Don't enter a key that has withdrawal or trading permission.
- Keys are stored encrypted (never in plaintext). Decryption happens only inside the isolated query server.
- Baro's code has no path that executes an order or withdrawal at all. So even if a key leaked, no one could move money with it (it's read-only, so the exchange refuses).
Connecting HyperLiquid (easiest · no key needed)
HyperLiquid doesn't even need an API key. Just enter your wallet address and you're done (a wallet address is public information).
- Open Position AlertsIn the Baro sidebar, tap 'Position Alerts' (premium).
- Connect TelegramTap the 'Open Telegram bot and connect' button, hit Start in the bot, and you're connected.
- Enter your wallet addressPaste the 0x… wallet address you use on HyperLiquid and save — that's it. It's checked automatically every 2–3 minutes.
Creating and connecting a CEX (centralized exchange) API key
For centralized exchanges like Binance, Bybit, OKX, Bitget, Gate, and KuCoin, you create a read-only API key and enter it. The screens differ a little from exchange to exchange, but the flow is the same.
- Create a new API key on the exchangeExchange app/web → 'API' or 'API Management' menu → create a new key.
- ★Permissions: 'read-only' only★Turn on Read permission only, and be sure to turn OFF 'Trade' and 'Withdraw.' Never create a key with withdrawal permission enabled.
- Copy the API Key and SecretOnce created, you'll see an API Key and a Secret. The Secret is shown only once, so copy it then. On OKX, Bitget, and KuCoin you also set a Passphrase.
- Enter it in BaroPosition Alerts → under 'Other exchange (read-only API key),' pick the exchange, paste the Key and Secret (and Passphrase if required), and tap 'Connect this exchange.'
- Done — automatic checksOnce connected, it checks that exchange's positions automatically every 2–3 minutes too, and alerts you when there's risk. You can connect multiple exchanges at the same time.
- BinanceTop-right profile → Account → API Management. (The 'API' in the top menu is the developer docs page, so you can't create a key there.) → Create API → System generated.
- BybitTop-right account → API → New Key → select 'Read-Only' + Positions read access.
- OKXProfile → API → create key → permission 'Read' only (Trade and Withdraw off) + set a Passphrase.
- Bitget / Gate / KuCoinAPI Management menu → new key → read-only permission + (a Passphrase on Bitget and KuCoin). Withdrawal and trading off.
Safety checklist
- ✅ Read permission only — Trade and Withdraw turned off
- ✅ Enter only the newly created API Key and Secret, not your seed phrase or login password
- ✅ If anything seems off or you stop using it, delete that API key on the exchange (you can do this anytime)
- ✅ Alerts are for reference only — act on them yourself, directly on the exchange