Comment connecter un exchange à BackFuture AI : clés API, sécurité et test de connexion
BackFuture AI works through an exchange connexion via API. This means that the utilisateur’s fonds remain on the exchange account, while le système receives only the permissions that the utilisateur explicitly grants in the clé API.
Supported exchanges
At the current stage, the plateforme is focused on working with MEXC and KuCoin. In the future, the list of connexions can be expanded: Binance, OKX, Bitget, Gate.io, HTX, BingX, Coinbase, Bybit and other exchanges.
General connexion process
- The utilisateur logs into their exchange account.
- Creates a new clé API.
- Disables autorisation de retrait.
- Enables only the required permissions: balance reading, order reading and trading.
- Sets an IP restriction if the exchange supports it.
- Copies the API Key and Secret Key.
- Adds the connexion in the BackFuture AI dashboard.
- Runs a connexion test.
- After a successful check, enables the required stratégie or bot.
Required API permissions
| Permission | Needed? | Pourquoi |
|---|---|---|
| Read | ✅ Yes | So le système can see balances, orders, positions and statut. |
| Trade | ✅ Yes | So the bot can open, add to and close trades. |
| Withdraw | ❌ No | This permission must not be given to a trading bot. |
| Futures | ◐ If needed | Only for stratégies that work with futures. |
| IP whitelist | ✅ Recommended | Restricts key usage to approved server IP addresses. |
Comment to name a connexion correctly
In the dashboard, it is better to use clear connexion names. This is especially important if the utilisateur has several exchanges, sub-accounts or stratégies.
- MEXC Spot Main — main spot account on MEXC.
- KuCoin Futures Conservative — futures account for a conservative stratégie.
- Recovery PRO Connection — separate connexion for Recovery/PRO logic.
- BTC ETH New Groups — separate connexion for new BTC/ETH groupes.
Step-by-step exemple
Step 1. Create an clé API on the exchange
In the exchange account, open API Management or API Keys. Usually the exchange asks for a key name and confirms the action through email, phone or 2FA.
Step 2. Set permissions
For a trading connexion, read and trade permissions are usually needed. Withdrawal must be disabled. If the exchange offers separate permissions for spot and futures, enable only the marché you really plan to use.
Step 3. Add the key to BackFuture AI
In the dashboard, the utilisateur selects an exchange, enters API Key and Secret Key, sets a connexion name and saves it. Secrets should not be displayed in full after saving.
Step 4. Test the connexion
Le système checks the key, permissions, balance access and the ability to receive statut. If everything is correct, the connexion receives an “Online” or “Connected” statut.
Step 5. Enable a stratégie
After the test, the utilisateur can select pairs, risque level, marge limit, renfort behavior, Recovery Mode and other paramètres.
Typical connexion errors
| Error | Cause | Quoi to do |
|---|---|---|
| Invalid key | clé API or secret was copied incorrectly. | Create a new key or copy the values again. |
| No trading permission | Trade permission is disabled. | Enable trading permission, but keep withdrawal disabled. |
| IP not allowed | IP restriction does not include the server IP. | Add the correct server IP to the exchange whitelist. |
| Exchange unavailable | The exchange API is temporarily unavailable. | Wait and run the test again. |
Security principles
- Never enable autorisation de retrait for bot clés API.
- Use separate clés API for different stratégies.
- Use IP restrictions quand possible.
- Do not show API secrets in full after saving.
- Delete old keys if they are no longer used.
- Use 2FA on the exchange account.
Conclusion
The safest model is quand fonds remain on the utilisateur’s exchange, and BackFuture AI works only through limited API permissions. This allows the plateforme to automate trading logic without direct access to withdrawals.