Why API wallets
A main wallet (e.g. MetaMask) holds the actual capital and can perform any on-chain operation — in particular withdrawals. Leaving that private key on a server where a bot is running would be reckless.
The solution: Hyperliquid supports API wallets — separate key pairs that the main wallet authorizes for trading via a signature, but which have no withdrawal rights. Even if the API key is compromised, the attacker can only place trades — not drain the account.
Botty's setup
Botty uses three API wallets, one per strategy:
.env:
HL_ACCOUNT_ADDRESS_1 / HL_PRIVATE_KEY_1 # EMA_CROSSOVER
HL_ACCOUNT_ADDRESS_2 / HL_PRIVATE_KEY_2 # MACD_CROSSOVER
HL_ACCOUNT_ADDRESS_3 / HL_PRIVATE_KEY_3 # HOLY_GRAIL
Each strategy runs in its own thread with its own API wallet — isolated PnL, isolated margin, no cross-contamination. If one strategy gets liquidated, the others stay intact.
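A pre-flight check for the three-wallet .env described above, added here as an example (not Botty's own code): it flags a key file that other users on the server can access, missing or malformed entries, and one API key shared by two strategies. The hex-format rules and the function names are assumptions, and the sample values written by write_sample are constructed dummies.

```python
import os
import re
import stat
import tempfile

# Variable names come from the page's .env; the format rules are assumptions.
STRATEGIES = {1: "EMA_CROSSOVER", 2: "MACD_CROSSOVER", 3: "HOLY_GRAIL"}
ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")        # 20-byte hex address
KEY_RE = re.compile(r"^(?:0x)?([0-9a-fA-F]{64})$")  # 32-byte hex private key

def parse_env(path):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    with open(path) as fh:
        for line in fh:
            line = line.split("#", 1)[0].strip()
            if "=" in line:
                name, value = line.split("=", 1)
                env[name.strip()] = value.strip().strip("\"'")
    return env

def check_env(path):
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"file mode {mode:o} lets group/others access the keys")
    env, seen = parse_env(path), {}
    for n, strategy in STRATEGIES.items():
        if not ADDR_RE.match(env.get(f"HL_ACCOUNT_ADDRESS_{n}", "")):
            problems.append(f"{strategy}: address missing or malformed")
        key = KEY_RE.match(env.get(f"HL_PRIVATE_KEY_{n}", ""))
        if not key:
            problems.append(f"{strategy}: private key missing or malformed")
            continue
        fingerprint = key.group(1).lower()
        if fingerprint in seen:  # one key shared by two strategies breaks isolation
            problems.append(f"{strategy}: key reused from {seen[fingerprint]}")
        seen[fingerprint] = strategy
    return problems

def write_sample(keys, mode=0o600):
    """Write a constructed .env (dummy values, not real keys) and return its path."""
    fd, path = tempfile.mkstemp(suffix=".env")
    with os.fdopen(fd, "w") as fh:
        for n, key in enumerate(keys, 1):
            fh.write(f"HL_ACCOUNT_ADDRESS_{n}=0x{n:040x}\n")
            fh.write(f"HL_PRIVATE_KEY_{n}={key}  # constructed\n")
    os.chmod(path, mode)
    return path
```

Run check_env against the real .env before the strategy threads start and refuse to launch if the list is non-empty; the messages name the strategy but never echo key material.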
What API wallets may do
- Place / cancel orders
- Modify orders
- Grouped orders (entry + stop atomically)
- Set leverage
- Close positions
What API wallets may NOT do
- Withdraw to external wallets
- Transfer USDC from perp → spot (in some setups)
- Grant rights to other API wallets
Setup flow
- The main wallet opens the Hyperliquid UI → API tab.
- A new key pair is generated (client-side, the private key stays local).
- The main wallet signs a message authorizing this new public key for trading.
- The new private key is placed in the .env.
Details and limits are in the Hyperliquid docs section on API wallets.