Sharing your API keys with third-party applications involves potential risks. The level of access is determined by the permissions you select when generating the key - for example, you may allow only read-only access (viewing account data) or grant additional permissions such as placing orders. We do not have official partnerships with any third-party apps, so we cannot guarantee their security or reliability. Please use caution and only share your API keys with apps you fully trust.
An API Key is a credential that enables information sharing and grants specific data access privileges, allowing you to fetch information or perform various actions. The API token generatable on our platform will give you access to instrument information, historical account information (such as all portfolio positions, paid-out dividends, etc.), and various others.
You can check applicable API documentation here, as well as the API Terms here.
How to Generate an API Key?
Before you can generate an API key, you must first accept a mandatory risk warning. This ensures you fully understand the risks of using third-party applications.
Once accepted, you can generate an API key from both web and mobile:
- Go to ‘Settings’ and open ‘API (Beta)’.
- Tap Generate API key and review the available permissions (e.g., account data, history, orders, portfolio).
- Fill out the New API Key form. You’ll be able to:
- Give your API key a name.
- Choose IP access restrictions
🤓 Tip
- Unrestricted (less secure): allows use from any IP address.
- Restrict access to trusted IPs (recommended): limits access only to the IPs or CIDR ranges you provide.
-
Submit the form to generate your keys. You will be presented with two credentials:
API Key (similar to before).
API Secret Key – this works like a password and will be shown only once after generation.
❗️ Important
The API Secret Key must be stored securely. If you lose it, you will need to generate a new key pair.
📄 Note
- API Keys may give access to sensitive information, so they should never be shared with unauthorized entities.
- API Key versions may differ between real and demo accounts.
- The API Secret Key is critical for authentication. Treat it with the same care as your account password.
- Currently, the Public API section is visible only for the General Invest Account and the Stock & Shares ISA Account.
How to Revoke Access for your API Key?
You have full control over your API Keys and can permanently delete them at any time. In our system, your “API Keys” refer to the API Key and API Secret pair that you generate.
Use the following process when you need to permanently and irreversibly revoke a set of API Keys. This is the recommended action if your credentials have been exposed or if you are decommissioning an application for good.
Steps to Delete Your API Keys
- Navigate to Settings: Open the application and go to the Settings menu.
- Find the API Section: Click on the API (beta) screen to see your list of keys.
- Open Key Details: Locate and click on the specific API Key card that you wish to delete. This will open the key details screen.
- Delete the Keys: Scroll to the bottom of the details screen and click the Delete button. You may be asked to confirm this action.
Result of Deletion
The effect of deleting your API Keys is instantaneous and permanent:
- Permanent Invalidation: Your API Keys (both the key and the secret) are immediately and permanently deleted from our systems.
- Access is Blocked: All services using those credentials will lose access instantly. Any future API requests made with the deleted keys will be rejected.
❗️ Important
Deleting your API Keys is irreversible. Once deleted, the credentials cannot be recovered, and any application relying on them will cease to function until a new set of keys is configured