API Keys

Overview

An API key is an authentication credential generated by Nautilus Portal to identify the source making a request to NautilusTrader Pro services.

API keys add a layer of security to your account. With them, you can authenticate requests without using your account username or password. Protect your API key like your password, never give it to a third party.

You can only maintain one active API key per account. Each key uses the prefix nt_ for easy identification.

Creating an API key

1. Click the Create API Key button
2. Provide a descriptive name for your API key (up to 255 characters)
3. Click Generate API Key
4. Copy your API key immediately—this is the only time it will be shown in full

Editing an API key

1. Click the pencil icon for the key you want to edit
2. Type a new name for the API key
3. Click Rename API Key

Rotating an API key

Regularly rotate your API key for security. This limits the time any one key is active.

1. Click the refresh icon for the key you want to rotate
2. Click Regenerate API Key to confirm
3. Copy the new key immediately

Note: Any applications currently using the API key will be disconnected.

Deleting an API key

1. Click the trash can icon for the key you want to delete
2. Click Delete API Key to confirm

Note: Before you delete a key, we recommend you first test that it's no longer in use.

Using your API key

Docker authentication

Environment variables

Securing your API keys

Secure your API keys carefully. If your API key is exposed, your account may incur charges.

• Don't store API keys in source code. Use environment variables instead.
• Regenerate any compromised key immediately. Delete or regenerate if exposed.
• Regularly rotate your keys to limit exposure time.
• Monitor the "Last Used" timestamp to detect unexpected usage.