Hyperliquid offers two ways for third-party platforms to trade on your behalf:
Generated from Hyperliquid's settings page
Consist of an API Key (public) and API Secret (private)
Can be restricted to trading-only permissions
Can be revoked at any time from Hyperliquid's interface
Sub-wallets derived from your main account
Controlled by a private key
Can only trade — no withdrawal access
More granular control over permissions
Setup difficulty
Easy
Moderate
Permission control
Good
Better
Revocation
Instant via Hyperliquid UI
Requires on-chain transaction
Multiple platforms
One key per platform
One agent per platform
Recommended for
Most users
Advanced users
Our recommendation: Use API Keys for simplicity. Use Agent Wallets if you need fine-grained control or are connecting to multiple platforms.
When you submit an API key or private key, it's immediately encrypted before being stored. Your keys are only decrypted at the moment of trade execution and are never cached. Even if someone accessed the database directly, they would only see encrypted (unreadable) data.
To immediately stop HyperSync from trading on your behalf:
From Hyperliquid: Revoke the API key or agent wallet permissions
From HyperSync: Delete the wallet from your Wallets page
Emergency: Use the Emergency Halt feature to stop all trading instantly
Even if HyperSync is compromised, an attacker cannot withdraw funds because the platform never requests withdrawal permissions.
Last updated