How your keys are protected and what HYPR can and cannot do.
You generate an API key pair on Hyperliquid. You control the permissions — trade-only, no withdrawals. You paste the key into HYPR during setup.
The key is immediately encrypted using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256 authentication) before being stored. The encrypted key lives on the server so webhooks can execute trades 24/7 — without your phone being online.
Your keys are encrypted at rest on the server. They are never written to disk in plaintext.
Keys are decrypted only at the moment a trade executes, held in memory for the duration of the API call, then discarded.
Withdrawal permissions are never required. HYPR can place and cancel trades but cannot move funds out of your Hyperliquid account.
The encryption key is stored separately as an environment variable, not in the database.
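The storage flow described above, as an added Python sketch using the `cryptography` package; it is not HYPR's own code. The variable name `HYPR_FERNET_KEY`, the function names and the sample API key are assumptions made for illustration.

```python
import base64, hashlib, hmac, os
from cryptography.fernet import Fernet, InvalidToken

ENV_VAR = "HYPR_FERNET_KEY"  # hypothetical name; the page only says "an environment variable"

def seal(api_key: str) -> bytes:
    """Encrypt before storage; only this token would be written to the database."""
    return Fernet(os.environ[ENV_VAR]).encrypt(api_key.encode())

def layout(token: bytes) -> dict:
    """Split a Fernet token: version | timestamp | IV | ciphertext | HMAC."""
    raw = base64.urlsafe_b64decode(token)
    return {"version": raw[0], "timestamp": int.from_bytes(raw[1:9], "big"),
            "iv": raw[9:25], "ciphertext": raw[25:-32], "hmac": raw[-32:]}

def hmac_ok(token: bytes) -> bool:
    """Recompute the HMAC-SHA256 tag with the stdlib to show what it covers."""
    key = base64.urlsafe_b64decode(os.environ[ENV_VAR])
    raw = base64.urlsafe_b64decode(token)
    signing_key = key[:16]  # first 16 bytes sign; the last 16 are the AES-128 key
    expected = hmac.new(signing_key, raw[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(expected, raw[-32:])

def use_key(token: bytes, call):
    """Decrypt only for the duration of one call; fail closed on tampering."""
    try:
        plaintext = Fernet(os.environ[ENV_VAR]).decrypt(token)
    except InvalidToken:
        return None  # modified token or wrong key: no trade is attempted
    try:
        return call(plaintext.decode())
    finally:
        del plaintext  # drops the reference; Python cannot guarantee the memory is zeroed

if __name__ == "__main__":
    os.environ.setdefault(ENV_VAR, Fernet.generate_key().decode())
    token = seal("0x" + "ab" * 32)  # constructed sample key, not a real one
    parts = layout(token)
    print("version byte:", hex(parts["version"]), "| IV bytes:", len(parts["iv"]))
    print("HMAC verifies:", hmac_ok(token))
    tampered = bytearray(base64.urlsafe_b64decode(token))
    tampered[30] ^= 1  # flip one ciphertext bit
    bad = base64.urlsafe_b64encode(bytes(tampered))
    print("tampered token rejected:", use_key(bad, len) is None)
```

The tag covers the version, timestamp, IV and ciphertext, so a stored token that has been modified is rejected before any decryption happens.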
HYPR cannot withdraw funds from your account. The API wallet does not have withdrawal permission.
HYPR cannot see your keys in plaintext at rest. They exist only as encrypted data.
HYPR cannot access your account beyond the permissions you granted.
Use a trade-only API key. Do not enable withdrawal permissions when generating your API wallet on Hyperliquid.
Save your API key in your password manager or iOS Keychain. Safari will offer to save it automatically during setup.
Know that Hyperliquid only shows your key once. It cannot be recovered after creation. If lost, generate a new API wallet.
HYPR executes trades around the clock. When TradingView fires an alert at 3 a.m., the server needs to authenticate with Hyperliquid, which requires your encrypted key to be stored server-side. We don't pretend otherwise.
Your keys are on the server, encrypted at rest, decrypted only during execution, and scoped to trade-only permissions. The blast radius is limited by design — even in a worst case, an attacker cannot withdraw your funds.
This is a deliberate tradeoff: 24/7 automated execution in exchange for server-side key storage with strong encryption and minimal permissions.