Coinigy uses APIs (application programming interfaces) offered by the exchanges to gather data and place trades. For charting only exchanges we do not require any API keys of our users. However to check your balances and place trades Coinigy requires you to input your personal API keys to authenticate requests.
It allows us to act as your account without knowing your password and in a well designed API management system you will be able to revoke access at any time to protect yourself.
This is the most secure method to accomplish the tasks our users often ask of us.
For more information check out: https://stackoverflow.com/questions/1453073/what-is-an-api-key
An API key and secret combo are no less secure than a Username and Password. And since an API often doesn't have full account control it tends to be more secure.
To protect our users Coinigy stores all API secrets in a separate database and uses financial level encryption to protect the keys. Our developers have released their own encrypted keys to the public and none have yet been cracked.
To protect yourself please never store the API secret in a text document, email, or shared screenshots. These are all routes for an attacker to take control of your account and wreck havok.