How your keys are protected and what HYPR() can and cannot do.
You generate an API key pair on Hyperliquid. You control the permissions: trade-only, no withdrawals. You paste the key into HYPR() during setup.
The key is immediately encrypted using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256 authentication) before being stored. The encrypted key lives on the server so webhooks can execute trades 24/7, without your phone being online.
Your keys are encrypted at rest on the server. They are never written to disk in plaintext.
Keys are decrypted only at the moment a trade executes, held in memory for the duration of the API call, then discarded.
Withdrawal permissions are never required. HYPR() can place and cancel trades but cannot move funds out of your Hyperliquid account.
The encryption key is stored separately as an environment variable, not in the database.
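An added example (not HYPR()'s code) of the Fernet token layout behind "AES-128-CBC with HMAC-SHA256 authentication", showing the integrity check that rejects a modified stored blob before any decryption happens. The function names are hypothetical and the sample token is constructed around placeholder ciphertext; the AES step itself is left to a Fernet library.

```python
import base64, hashlib, hmac, os, struct

# Fernet token: 0x80 | 8-byte timestamp | 16-byte IV | AES-CBC ciphertext | 32-byte HMAC
OVERHEAD = 1 + 8 + 16 + 32

def make_sample_token(key_b64: bytes, ciphertext: bytes, now: int) -> bytes:
    """Constructed sample: a Fernet-shaped token around placeholder ciphertext."""
    signing_key = base64.urlsafe_b64decode(key_b64)[:16]
    body = b"\x80" + struct.pack(">Q", now) + os.urandom(16) + ciphertext
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)

def check_fernet_token(key_b64: bytes, token: bytes) -> dict:
    """Check layout and HMAC-SHA256 tag; raise ValueError before any decryption."""
    key = base64.urlsafe_b64decode(key_b64)
    if len(key) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    signing_key = key[:16]  # first half authenticates, second half is the AES-128 key
    raw = base64.urlsafe_b64decode(token)
    if len(raw) < OVERHEAD + 16 or (len(raw) - OVERHEAD) % 16 != 0:
        raise ValueError("token length does not match the Fernet layout")
    if raw[0] != 0x80:
        raise ValueError("unknown Fernet version byte")
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("HMAC mismatch: token modified or wrong key")
    (timestamp,) = struct.unpack(">Q", body[1:9])
    return {"timestamp": timestamp, "iv": body[9:25], "ciphertext": body[25:]}

def is_tamper_detected(key_b64: bytes, token: bytes, index: int) -> bool:
    """Flip one bit of the stored blob and report whether verification rejects it."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[index] ^= 0x01
    try:
        check_fernet_token(key_b64, base64.urlsafe_b64encode(bytes(raw)))
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    key = base64.urlsafe_b64encode(os.urandom(32))  # constructed key, not a real secret
    token = make_sample_token(key, b"\x00" * 32, 1700000000)
    print(check_fernet_token(key, token)["timestamp"])
    print(is_tamper_detected(key, token, 30))
```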
HYPR() cannot withdraw funds from your account. The API wallet does not have withdrawal permission.
HYPR() cannot see your keys in plaintext at rest. They exist only as encrypted data.
HYPR() cannot access your account beyond the permissions you granted.
Use a trade-only API key. Do not enable withdrawal permissions when generating your API wallet on Hyperliquid.
Save your API key in your password manager or iOS Keychain. Safari will offer to save it automatically during setup.
Know that Hyperliquid only shows your key once. It cannot be recovered after creation. If lost, generate a new API wallet.
HYPR() executes trades around the clock. When TradingView fires an alert at 3am, the server needs to authenticate with Hyperliquid. This requires your encrypted key server-side. We don't pretend otherwise.
Your keys are on the server, encrypted at rest, decrypted only during execution, and scoped to trade-only permissions. The blast radius is limited by design; even in a worst case, an attacker cannot withdraw your funds.
This is a deliberate tradeoff: 24/7 automated execution in exchange for server-side key storage with strong encryption and minimal permissions.
HYPR() uses passkeys (WebAuthn) for account access. When you sign in, your device authenticates with Face ID, Touch ID, or your device PIN. No passwords.
Your passkey is bound to hypr.run. It cannot be phished or reused on other sites. The private key never leaves your device.
The server stores only your public key. Even if the database is compromised, an attacker cannot impersonate you; the public key alone is useless without your biometric.
Cross-device sync is automatic. Apple devices sync passkeys via iCloud Keychain. Android syncs via Google Password Manager. Register once, sign in anywhere.
Your webhook token is a unique secret used only for TradingView automation. When TradingView fires an alert, it sends the token to authenticate the request. This token is separate from your passkey and visible only inside the app.
Keep your webhook token private. Anyone with this token can send trade signals to your account. Treat it like a password.
Do not share your webhook URL. It contains your token. If compromised, delete your account and create a new one to generate a fresh token.