This article discusses our security practices and how we use your APIs with Shrimpy Pro.
The Shrimpy Pro team has gone through great measures to secure our systems. Our team is proud of the robust infrastructure we have developed. This article will highlight a few key ways the Shrimpy Pro platform protects our users.
API Keys
Every API key is securely encrypted and stored using FIPS 140-2 validated hardware security modules (HSMs) to protect the confidentiality and integrity of your Exchange API keys. Shrimpy Pro only requires the ability to read data and make trades, so your funds cannot be removed from the exchange.
Account Security
We also encourage all users to utilize our Two-Factor Authentication (“2FA”) service which secures access to your account. Strong passwords are required for every user account. All passwords are cryptographically hashed using modern, proven standards. All website data is transmitted over encrypted Transport Layer Security (“TLS”) connections (i.e., HTTPS).
Cold Storage
In order to further improve the security of your assets, Shrimpy Pro also offers the ability to input asset amounts through our "Cold Storage" feature. The assets listed here should be kept in a hardware wallet or other similar personally secured solution that you manage. This allows the application to consider these values for trading and rebalancing your portfolio, even though they are not maintained on the exchange. This balances liquidity of your portfolio with the security of leaving the majority of your holdings off the exchange.
IP Whitelisting
IP Whitelisting is a feature which exchanges use to restrict access to your cryptocurrency exchange account. Setting up IP Whitelists means the exchange will only accept requests when they are sent from the specific IPs that are input into the exchange. This prevents unauthorized access to your exchange account from any other IP.
Shrimpy Pro allows IP Whitelisting by ensuring we will only communicate with your exchange account from the IPs we provide you. This way, we can still perform trades, collect data from your account, and rebalance your portfolio, but only from the specified IPs.
Have questions, comments or concerns? Feel free to reach out to us via the blue "Support" button found in the bottom left corner of your Dashboard, or send an email to Support@Shrimpy.io.