Hi, curious if members of a group could trade out of one application/server if all use their own individual api keys
Hi, curious if members of a group could trade out of one application/server if all use their own individual api keys
2026-06-10 · Kalshi · 30 条相关讨论
Hi, curious if members of a group could trade out of one application/server if all use their own individual api keys
Hi, curious if members of a group could trade out of one application/server if all use their own individual api keys
It'd be pretty tricky to pass the dev tos with that setup. Even with encryption a master admin would have access to everyone's credentials if they all live on the same server
It'd be pretty tricky to pass the dev tos with that setup. Even with encryption a master admin would have access to everyone's credentials if they all live on the same server
I’m assuming the alternative of having multiple users trade out of 1 api key also not ok. for context we share a pricing app that’s hosted on 1 local machine
I’m assuming the alternative of having multiple users trade out of 1 api key also not ok. for context we share a pricing app that’s hosted on 1 local machine
Oh yes forget tos, that is very much illegal
Oh yes forget tos, that is very much illegal
You can share global signals or logic or market streams, etc. But if you really want to do something like this it's best to have the individual credentials/execution layers live on separate servers owned by the acct holders
You can share global signals or logic or market streams, etc. But if you really want to do something like this it's best to have the individual credentials/execution layers live on separate servers owned by the acct holders
There are ways to do it above board but generally not really what people have in mind
There are ways to do it above board but generally not really what people have in mind
If you really want to be a collective like that, you likely need to start a company with your users as owners/officers - then its all under one umbrella. Not exactly a simple undertaking but it should allow you to preserve such a structure - not a lawyer though so get real advice if you do want to proceed down this path.
If you really want to be a collective like that, you likely need to start a company with your users as owners/officers - then its all under one umbrella. Not exactly a simple undertaking but it should allow you to preserve such a structure - not a lawyer though so get real advice if you do want to proceed down this path.
I don't see anything in https://kalshi.com/developer-agreement forbidding that? FWIW I share a VPS with others and it's fine... like we just run our different stuff separarely but it's all from the same IP and has never once caused an issue. One note is that we do sign all API requests even those that don't require it so that it counts against the account's rate limit and not the IP's rate limit.
I don't see anything in https://kalshi.com/developer-agreement forbidding that? FWIW I share a VPS with others and it's fine... like we just run our different stuff separarely but it's all from the same IP and has never once caused an issue. One note is that we do sign all API requests even those that don't require it so that it counts against the account's rate limit and not the IP's rate limit.
Hmm I'm just simply 100% certain that what I'm describing doesn't break the rules in any way and isn't even a grey area. We are all traders+coders who are writing code and running it using our own API keys in totally separate processes. There isn't overlap beyond being on the same physical server. Not trying to tell you how to do your thing - just trying to make it known to newcomers here that there's no need to be scared of doing something similar to save on hosting costs / ops overhead
Hmm I'm just simply 100% certain that what I'm describing doesn't break the rules in any way and isn't even a grey area. We are all traders+coders who are writing code and running it using our own API keys in totally separate processes. There isn't overlap beyond being on the same physical server. Not trying to tell you how to do your thing - just trying to make it known to newcomers here that there's no need to be scared of doing something similar to save on hosting costs / ops overhead
Are you 100% certain or have you just never received any kind of notice? Just because you haven't been dinged for it doesn't mean it doesn't violate the tos. Again, having different acct keys on the same VPS necessarily means one party has access to all of them which is a violation
Are you 100% certain or have you just never received any kind of notice? Just because you haven't been dinged for it doesn't mean it doesn't violate the tos. Again, having different acct keys on the same VPS necessarily means one party has access to all of them which is a violation
Kalshi specifically does not want people doing EXACTLY what you and the OP are describing. How diligently do they police it currently? Maybe not at all but the letter of the dev tos prohibits it
Kalshi specifically does not want people doing EXACTLY what you and the OP are describing. How diligently do they police it currently? Maybe not at all but the letter of the dev tos prohibits it
My read of the agreement is that using the API as someone else is prohibited, not that having the ability to go snoop (but not doing so) if I were nefarious and have root access to a shared server is prohibited In the same way that it's not prohibited/illegal for me to log into my own bank account on a shared family computer
My read of the agreement is that using the API as someone else is prohibited, not that having the ability to go snoop (but not doing so) if I were nefarious and have root access to a shared server is prohibited In the same way that it's not prohibited/illegal for me to log into my own bank account on a shared family computer
I'm saying that the letter, as I have read it, does not prohibit it. And nothing Kalshi has ever said would lead me to believe they don't want people doing it.
I'm saying that the letter, as I have read it, does not prohibit it. And nothing Kalshi has ever said would lead me to believe they don't want people doing it.
"My read" doesn't sound like 100% certain. My read, which has been backed up by mods in here, is the exact opposite
"My read" doesn't sound like 100% certain. My read, which has been backed up by mods in here, is the exact opposite
If you can point to a single mod message saying so I'd happily forfeit my claims!
If you can point to a single mod message saying so I'd happily forfeit my claims!
They don't want people building multi user platforms where users store their private credentials on a single 3rd party server. That is very explicit
They don't want people building multi user platforms where users store their private credentials on a single 3rd party server. That is very explicit
🤣
🤣
They don't want people making a frontend/app that induces users to input an API key or password, but that's very clearly not what I'm describing
They don't want people making a frontend/app that induces users to input an API key or password, but that's very clearly not what I'm describing
So how do the api keys get on your server?
So how do the api keys get on your server?
The owner of the API key sshes in and uses it in their own process when necessary
The owner of the API key sshes in and uses it in their own process when necessary