Synchronize API Keys Across Devices
Last updated
Last updated
By default API Keys are only saved in the local storage of your browser as explained in . However you also have the option to synchronize your API Keys across devices, by storing them on our servers.
For details on how we securely handle your synced API keys please see the
2FA must be enabled on your account to use this feature.
On the device you have your API keys added and want to sync them:
Navigate to Settings > Accounts
Enable Sync API KEYS
(Alternatively you can also activate it under Settings > General)
Request your verification mail
You will receive an email with a link to verify your device.
Under the SYNC tab you can manage and remove your devices from the sync service.
Once your device has been verified, you can store your API Keys on our servers.
Under the ACCOUNTS tab (Settings > Accounts) you can either choose manually which ones to upload and which ones to keep local only. Or you can enable Auto connect all accounts.
Log in to your account on a different device
Once again navigate to Settings > General > Sync Exchange API Keys Across Devices
Go to Accounts > Sync
Activate and verify your new device through email as before
Retrieve your keys on this new device.
We take your security serious! By default API key synchronization is deactivated and you have to activate the opt-in feature first. At any time it requires two-factor authentication (2FA) to be enabled on your account. You can manage API keys and devices individually, potentially excluding sensitive accounts from the sync service. Synchronized keys are stored in a fully isolated environment accessible only by Insilico servers, with no external internet access. For additional protection, all keys are encrypted using the AWS Key Management Service (KMS), adding an extra security layer beyond standard storage encryption. The device verification system ensures that only your explicitly authorized devices can access your keys - and even then, browsers only receive encrypted data. If you remove a verified device from your account, the locally stored keys on that device are automatically disabled, protecting against unauthorized access in case of device compromise.