API Keys & Authentication

API keys are how WhisperHedge securely connects to your trading platforms to monitor your LP positions. This section covers everything you need to know about managing API keys safely and effectively.

Overview

WhisperHedge requires API keys to:

• ✅ Read your position data
• ✅ Calculate impermanent loss
• ✅ Monitor position health
• ✅ Track fee earnings

We never require trading permissions. All API keys should be read-only.

Supported Platforms

Hyperliquid

For Hyperliquid HLP positions, you'll need:

• API Key (public)
• API Secret (private)
• Subaccount name (if applicable)

Get Hyperliquid API Keys →

Uniswap V3

For Uniswap V3 positions, you'll need:

• NFT Token ID
• Wallet address

Find Your NFT ID →

Key Concepts

Read-Only vs Trading Permissions

Read-Only (Required) - View positions - Check balances - Read transaction history - Calculate metrics

Trading (NEVER Required) - Place orders - Cancel orders - Transfer funds - Modify positions

Never Grant Trading Permissions

WhisperHedge only needs read access. Never create API keys with trading, withdrawal, or transfer permissions.

One Key Per Position

WhisperHedge requires a unique API key for each position you track. This is a security feature that:

• Limits exposure if a key is compromised
• Allows granular permission control
• Enables easy position removal
• Improves tracking accuracy

Learn more about this requirement →

Subaccounts

Hyperliquid supports subaccounts, which are separate trading accounts under your main account. Each subaccount:

• Has its own API keys
• Maintains separate positions
• Requires separate tracking

Understanding subaccounts →

Security Best Practices

Creating Keys

• ✅ Use read-only permissions only
• ✅ Create separate keys for each position
• ✅ Use descriptive names/labels
• ✅ Record key creation dates

Storing Keys

• ✅ Store keys securely (password manager)
• ✅ Never share keys publicly
• ✅ Don't commit keys to git repositories
• ✅ Keep API secrets private

Managing Keys

• ✅ Rotate keys every 3-6 months
• ✅ Delete unused keys immediately
• ✅ Monitor key usage
• ✅ Revoke compromised keys instantly

In WhisperHedge

• ✅ Keys are encrypted at rest
• ✅ Transmitted over HTTPS only
• ✅ Never logged or exposed
• ✅ Deleted when position is removed

Full security guide →

Common Tasks

Adding Your First API Key

1. Generate a read-only key on your platform
2. Copy the API key and secret
3. Add a new position in WhisperHedge
4. Paste the credentials
5. Verify and save

Step-by-step guide →

Rotating API Keys

1. Generate a new read-only key
2. Update the position in WhisperHedge
3. Verify the new key works
4. Delete the old key from your platform

Rotation guide →

Troubleshooting Key Issues

Common problems and solutions:

• Invalid key format
• Insufficient permissions
• Expired keys
• Rate limiting

Troubleshooting →

Platform-Specific Guides

Hyperliquid

• Extracting API Keys
• Understanding Subaccounts
• Setting Permissions

Uniswap V3

• Finding NFT IDs
• Wallet Connection

Quick Reference

Hyperliquid API Key Checklist

• [ ] Generated from Hyperliquid dashboard
• [ ] Read-only permissions only
• [ ] Correct subaccount (if applicable)
• [ ] Both key and secret copied
• [ ] Key tested and verified
• [ ] Old keys deleted after rotation

Security Checklist

• [ ] Keys stored in password manager
• [ ] No trading permissions granted
• [ ] Unique key per position
• [ ] Keys rotated regularly
• [ ] Unused keys deleted
• [ ] Never shared publicly

Need Help?

• Hyperliquid Key Extraction - Detailed walkthrough
• Permission Errors - Fix common issues
• Security Questions - Learn about our security
• Contact Support - Get personalized help

---

Next: Extract Hyperliquid API Keys →