Knowledge · Terms · API Wallet

API Wallet

Indicator concept
Hyperliquid API Wallet
A sub-wallet delegated by the main wallet with restricted rights — may trade, but cannot withdraw funds. Botty's security model.

Why API wallets

A main wallet (e.g. MetaMask) holds the actual capital and can perform any on-chain operation — in particular withdrawals. Leaving that private key on a server where a bot is running would be reckless.

The solution: Hyperliquid supports API wallets — separate key pairs that the main wallet authorizes for trading via a signature, but which have no withdrawal rights. Even if the API key is compromised, the attacker can only place trades — not drain the account.

Botty's setup

Botty uses three API wallets, one per strategy:

.env:
HL_ACCOUNT_ADDRESS_1 / HL_PRIVATE_KEY_1   # EMA_CROSSOVER
HL_ACCOUNT_ADDRESS_2 / HL_PRIVATE_KEY_2   # MACD_CROSSOVER
HL_ACCOUNT_ADDRESS_3 / HL_PRIVATE_KEY_3   # HOLY_GRAIL

Each strategy runs in its own thread with its own API wallet — isolated PnL, isolated margin, no cross-contamination. If one strategy gets liquidated, the others stay intact.

What API wallets may do

  • Place / cancel orders
  • Modify orders
  • Grouped orders (entry + stop atomically)
  • Set leverage
  • Close positions

What API wallets may NOT do

  • Withdraw to external wallets
  • Transfer USDC from perp → spot (in some setups)
  • Grant rights to other API wallets

Setup flow

  1. The main wallet opens the Hyperliquid UIAPI tab.
  2. A new key pair is generated (client-side, the private key stays local).
  3. The main wallet signs a message authorizing this new public key for trading.
  4. The new private key is placed in the .env.

Details and limits are in the Hyperliquid docs section on API wallets.