How to Connect an Exchange to BackFuture AI: API Keys, Security and Connection Check
BackFuture AI works through an exchange connection via API. This means that the user’s funds remain on the exchange account, while the system receives only the permissions that the user explicitly grants in the API key.
Supported exchanges
At the current stage, the platform is focused on working with MEXC and KuCoin. In the future, the list of connections can be expanded: Binance, OKX, Bitget, Gate.io, HTX, BingX, Coinbase, Bybit and other exchanges.
General connection process
- The user logs into their exchange account.
- Creates a new API key.
- Disables withdrawal permission.
- Enables only the required permissions: balance reading, order reading and trading.
- Sets an IP restriction if the exchange supports it.
- Copies the API Key and Secret Key.
- Adds the connection in the BackFuture AI dashboard.
- Runs a connection test.
- After a successful check, enables the required strategy or bot.
Required API permissions
| Permission | Needed? | Why |
|---|---|---|
| Read | ✅ Yes | So the system can see balances, orders, positions and status. |
| Trade | ✅ Yes | So the bot can open, add to and close trades. |
| Withdraw | ❌ No | This permission must not be given to a trading bot. |
| Futures | ◐ If needed | Only for strategies that work with futures. |
| IP whitelist | ✅ Recommended | Restricts key usage to approved server IP addresses. |
How to name a connection correctly
In the dashboard, it is better to use clear connection names. This is especially important if the user has several exchanges, sub-accounts or strategies.
- MEXC Spot Main — main spot account on MEXC.
- KuCoin Futures Conservative — futures account for a conservative strategy.
- Recovery PRO Connection — separate connection for Recovery/PRO logic.
- BTC ETH New Groups — separate connection for new BTC/ETH groups.
Step-by-step example
Step 1. Create an API key on the exchange
In the exchange account, open API Management or API Keys. Usually the exchange asks for a key name and confirms the action through email, phone or 2FA.
Step 2. Set permissions
For a trading connection, read and trade permissions are usually needed. Withdrawal must be disabled. If the exchange offers separate permissions for spot and futures, enable only the market you really plan to use.
Step 3. Add the key to BackFuture AI
In the dashboard, the user selects an exchange, enters API Key and Secret Key, sets a connection name and saves it. Secrets should not be displayed in full after saving.
Step 4. Test the connection
The system checks the key, permissions, balance access and the ability to receive status. If everything is correct, the connection receives an “Online” or “Connected” status.
Step 5. Enable a strategy
After the test, the user can select pairs, risk level, margin limit, add-on behavior, Recovery Mode and other settings.
Typical connection errors
| Error | Cause | What to do |
|---|---|---|
| Invalid key | API key or secret was copied incorrectly. | Create a new key or copy the values again. |
| No trading permission | Trade permission is disabled. | Enable trading permission, but keep withdrawal disabled. |
| IP not allowed | IP restriction does not include the server IP. | Add the correct server IP to the exchange whitelist. |
| Exchange unavailable | The exchange API is temporarily unavailable. | Wait and run the test again. |
Security principles
- Never enable withdrawal permission for bot API keys.
- Use separate API keys for different strategies.
- Use IP restrictions when possible.
- Do not show API secrets in full after saving.
- Delete old keys if they are no longer used.
- Use 2FA on the exchange account.
Conclusion
The safest model is when funds remain on the user’s exchange, and BackFuture AI works only through limited API permissions. This allows the platform to automate trading logic without direct access to withdrawals.