When connecting exchanges to UNOCU, it's critical to use the minimum required permissions.
Required permissions
UNOCU only needs read-only access to your exchange account. Specifically:
- View balances — to show your holdings
- View orders/trades — to track trading performance
- View staking — to track staked positions and rewards
Permissions to never grant
Never enable these permissions for UNOCU:
- Trading — UNOCU does not execute trades
- Withdrawal — UNOCU never moves your assets
- Transfer — UNOCU does not transfer between accounts
Revoking access
You can disconnect an exchange at any time from Settings → Connectors. Click the exchange and select Disconnect. This removes the API key from UNOCU's encrypted vault. For additional security, also delete the API key from the exchange's settings.