DAXA Sets Standard to Curb Improper API Key Lending, Including Forced Expiration

The Digital Asset eXchange Alliance, or DAXA, said on May 28 that it had established a standard aimed at preventing crypto exchange users from improperly lending API keys.

An API key is authentication information that allows users to connect external programs to functions such as price inquiries, order placement, and deposits and withdrawals. Recently, some users were found to have lent or shared API keys with others, and those keys were used for unfair trading practices including price manipulation.

DAXA said it worked with the Financial Supervisory Service and its member exchanges to put the response framework in place.

The standard calls for member exchanges to apply measures in stages when improper API key lending is suspected, based on the level of risk. Those measures include intensive monitoring, warning notices, renewed identity verification and forced expiration of API keys.

Member exchanges will also introduce an IP whitelist system to strengthen security. The system restricts API key access to IP addresses users have registered in advance.

Kim Jae-jin, DAXA's executive vice chairman, said the new standard is part of member exchanges' ongoing efforts to block unfair trading at the source. He added that DAXA and its members would respond swiftly to new threats and strongly enforce necessary measures with user protection as the top priority.