Read-Only API Key Permission for Balance Retrieval

[yutingwang-eng]

Hi Longbridge Support Team,

I am writing to enquire about the possibility of restricting an API key to read-only permissions on the Longbridge OpenAPI platform.

My use case is as follows: I would like to use the API to programmatically retrieve my account balances and portfolio information. However, I am concerned about the security risk of having a fully-permissioned API key — specifically, if the key were ever stolen or compromised, it could potentially be used to execute unauthorised trades on my account.

Could you please advise on the following:

1. Is there a way to create or configure an API key that has read-only access (i.e., can query account balances and market data, but cannot place or modify any orders)?

2. If a per-key permission setting is not currently available, is this a feature that is planned for future releases?

3. As an interim measure, are there any recommended best practices to minimise trading risk when using the API solely for balance and portfolio retrieval?

Thank you for your time and assistance. I look forward to your response.

Best regards

[huacnlee]

Use OAuth 2

https://open.longbridge.com/docs/api?page=overview

[sylvan99]

me too, I have exactly the same concern about its API.