AI Summary
- KoinX only needs read-only access to your transaction data — it cannot trade, withdraw, or move your funds
- Never enable withdrawal or trading permissions on API keys you create for KoinX
- KoinX will never ask for your exchange password, seed phrase, or private keys
- Direct Connect uses OAuth — KoinX gets limited, revocable access without ever seeing your password
- Blockchain wallet integration only uses your public address — KoinX never has access to your private keys
- Your data is encrypted and stored securely
What Data Can KoinX Access?
The data KoinX can see depends on your integration method:API Integration
When you create an API key on your exchange and paste it into KoinX, KoinX uses that key to read your transaction history. This includes trades (buys, sells, swaps), deposits, withdrawals, and — depending on the exchange — futures trades, staking rewards, and other activity. What KoinX CAN see:- Your trade history (what you bought, sold, and when)
- Deposit and withdrawal records
- Fee information
- Account balances (read-only)
- Place trades on your behalf
- Withdraw or transfer any funds
- Change your account settings
- Access your exchange password
If you accidentally created an API key with withdrawal or trading permissions, revoke it immediately on your exchange and create a new one with read-only access only. Then update the key in KoinX.
Direct Connect
With Direct Connect, you do not enter your exchange login credentials inside KoinX. Instead, you open your exchange app or website and click on “Tax Report with KoinX” from within the exchange itself. The permission is granted directly by the exchange.KoinX does not request your login, password, or authentication details. What KoinX CAN see:- Trade history
- Deposits and withdrawals
- Other transaction data shared by the exchange
- Your exchange login password
- Your 2FA codes
- Place trades or move funds
- Access anything beyond what the exchange explicitly allows
Blockchain / Wallet Integration
For on-chain wallets (MetaMask, Phantom, Ledger, etc.), you only provide your public wallet address — the same address anyone can look up on a block explorer like Etherscan. What KoinX CAN see:- All on-chain transactions linked to that public address (token transfers, DeFi interactions, NFT activity)
- Your private keys
- Your seed phrase / recovery phrase
- Your wallet password
- Any ability to sign transactions or move funds
File Upload / Custom File
When you upload a CSV or custom file, KoinX only receives the data in that file. It has no ongoing connection to your exchange — it’s a one-time data transfer.What You Should Never Share
This applies to KoinX, KoinX support agents, and any third-party platform: Never share your:- Exchange login password
- Private keys (for any blockchain wallet)
- Seed phrase / recovery phrase (the 12 or 24 words)
- API keys with withdrawal or trading permissions enabled
- 2FA backup codes
- OTP codes with anyone who contacts you first
KoinX support may ask you to share your API Key (not the Secret Key) for debugging purposes, or your public wallet address. These are safe to share. But your Secret Key, Passphrase, and private keys should never be shared with anyone — not even KoinX.
How Your Data Is Stored
KoinX takes data security seriously:- Encryption in transit — All data between your browser and KoinX servers is encrypted using HTTPS/TLS
- Encryption at rest — Your transaction data and API keys are encrypted when stored on KoinX servers
- Access controls — Only authorised KoinX systems can access your data for processing
- No credential storage — For Direct Connect (OAuth), KoinX never stores your exchange password. For API, your Secret Key is encrypted and only used for syncing
Revoking Access
You can cut off KoinX’s access to your data at any time: For API integrations: Log into your exchange, go to API Management, and delete or revoke the API key you created for KoinX. KoinX will immediately lose the ability to sync new data. Existing data already imported into KoinX remains until you delete the integration. For Direct Connect: Go to your exchange’s authorised apps or connected applications settings and revoke KoinX’s access. The OAuth token becomes invalid immediately. For Blockchain wallets: There’s nothing to revoke — KoinX only reads public blockchain data. You can remove the integration in KoinX, but the public address data is always available on the blockchain to anyone. For File Uploads: There’s no ongoing connection to revoke. The data exists only within your KoinX account. Delete the integration to remove it.Should I integrate even if I’m worried about Security?
Yes — here’s why: The risk of not integrating is actually higher than the risk of integrating. If you skip exchanges or wallets because of security concerns, your tax report will be incomplete. Incomplete reports can lead to incorrect tax filings, which create real legal and financial consequences. KoinX’s read-only access model is specifically designed to make integration safe. You’re sharing the same data your exchange already reports to tax authorities in many jurisdictions. The difference is that KoinX helps you organise and calculate it correctly. If you’re still uncomfortable with API or Direct Connect, use File Upload or Custom File — these methods don’t create any ongoing connection. You download your data from the exchange yourself, upload it to KoinX, and there’s no persistent access.Common Issues / Edge Cases
I accidentally shared my Secret Key / Passphrase with someone
I accidentally shared my Secret Key / Passphrase with someone
Someone from KoinX support asked for my password
Someone from KoinX support asked for my password
This is a scam. KoinX support will never ask for your exchange password, seed phrase, or private keys. Report the incident to KoinX through the official chat widget or website.
I created an API key with full permissions by mistake
I created an API key with full permissions by mistake
Revoke it on your exchange immediately. Create a new key with read-only permissions only. Update the key in KoinX. As long as no one else has the old key, no damage was done — but don’t leave over-permissioned keys active.
Can KoinX integrate on my behalf if I share my credentials?
Can KoinX integrate on my behalf if I share my credentials?
Frequently Asked Questions
Can KoinX trade or withdraw from my exchange?
Can KoinX trade or withdraw from my exchange?
No. KoinX only uses read-only API access. It can view your transaction history but cannot place trades, make withdrawals, or move any funds. Always verify your API key only has read/view permissions enabled.
Is it safe to share my public wallet address with KoinX?
Is it safe to share my public wallet address with KoinX?
Should I share my Secret API Key with KoinX support?
Should I share my Secret API Key with KoinX support?
What happens to my data if I delete my KoinX account?
What happens to my data if I delete my KoinX account?
Your transaction data, integrations, and reports will be deleted from KoinX’s systems. Any API keys you created on your exchanges will remain active on the exchange side — you should revoke those separately for good hygiene.
What’s Next?
- Getting Started with Integrations — Ready to connect your first exchange? Start here
- API Integration Guide — Detailed walkthrough for setting up read-only API keys
- Blockchain & Wallet Integration — Connect wallets using just your public address
- Choosing Your Integration Method — Not sure which method is safest for you? Compare them here