"Is it safe?" — this is the first question any rational trader asks when discovering the world of trading rebates. In an industry where the phrase "Not your keys, not your coins" is law, any integration with a third-party service raises justified concerns.
In this article, we will break down the technical side of how Sliceback operates, why we will never ask for your API keys, and why your security remains entirely at the exchange level.
How UID Tracking Works (The Technical Side)
Many people confuse rebate services with trading terminals or bots. The main difference is that Sliceback operates completely outside your trading execution loop.
When you register an account via our partner link, the exchange (Bybit, OKX, or Binance) places an invisible "tag" in its database, linking your UID (User ID) to our partner code.
What happens next:
- You execute a trade within the exchange.
- The exchange calculates the commission and automatically allocates the affiliate share.
- Once a day, the exchange sends us a report via its partner API.
- This report contains only numbers: trading volume, commission amount, and your UID.
What is NOT in this report:
- Your passwords or 2FA codes.
- Your wallet balances (other than the commission generated).
- Your open positions or entry/exit prices.
Why API Keys are an Unnecessary Risk
Some questionable services (crypto rebate scams) might request API keys, claiming they need them for "more accurate calculations." This is a major red flag.
A legitimate rebate service does not require API keys to function. At Sliceback, we have consciously avoided any integrations that require read or trade permissions in order to:
- Eliminate the possibility of data breaches.
- Guarantee that we cannot influence your trades in any way.
- Remove the need for users to configure complex access permissions.
Security Access Levels Comparison
| Access Type | What the Service Sees | Risk to Funds | Used by Sliceback |
|---|---|---|---|
| UID (User ID) | Only ID and commission totals | Zero | ✅ Yes |
| API Read-only | Balances, trade history | Medium (strategy leak) | ❌ No |
| API Trade | Ability to open/close trades | High (manipulation) | ❌ No |
| API Withdraw | Ability to withdraw funds | Critical | ❌ No |
How Sliceback Protects Your Data
By working only with public identifiers (UIDs), we create a "sterile" environment:
- Fund Isolation: Your money always stays in your exchange wallets. We are a non-custodial service.
- Encryption: Even the minimal data we receive from the exchange is stored on secured servers using industry-standard SSL encryption.
- Privacy: We do not share your trading volume data with third parties.
How to Avoid Rebate Scams
Remember the three rules of safe rebating:
- Never provide API keys to services that only promise fee returns.
- Verify Partner Status. Reliable services are official brokers or exchange partners (you can verify our status by contacting Bybit or OKX support).
- Use 2FA. Even if you trust a service, always protect your main exchange account and your Sliceback account with Two-Factor Authentication.
Conclusion
Security at Sliceback is built on the principle of "Least Privilege." We don't need to know how you trade, what your balance is, or what your strategy entails. We only need your UID so the exchange knows where to send your rightful cashback.
Still have questions about security? Contact our support team, and we will be happy to provide more technical details about our integration.