Broker setup
Connect Hyperliquid
5 steps2 fields
Hyperliquid's trading-only key cannot move money out. Your main wallet stays untouched even if the key leaks.
Step by step
Getting your Hyperliquid API keys
- 1Open Hyperliquid and connect your walletUse your main EVM wallet — MetaMask, Rabby, WalletConnect, or similar. This is the wallet that holds your money.
- 2Create a trading-only keyTap "Generate" or "Create Agent". Optionally name it.
Soar - 3Copy the key right awayHyperliquid shows a long string starting with "0x". Copy it immediately — shown ONCE only.
- 4Approve in your walletYour main wallet pops up a confirmation. Tap to approve. Free — no gas fees. Without this approval, the key won't work.
- 5Confirm the key appearsYou should see the new trading-only key listed on the page.
Permissions
What to enable — and what to leave OFF
✓Enable these
- Place trades
✕Never enable these
- Withdraw (this key physically cannot withdraw — by design)
Why this matters: Soar only ever needs read + place-order permissions. If you give a key withdraw or transfer access, anyone with that key could move funds — including a security risk if your machine is ever compromised. Disabling withdraw on the key itself means even a worst-case leak can't drain your account.
What you paste
The fields Soar asks for
- Main Wallet Address
0x...Your Hyperliquid MAIN account address — the wallet that holds your funds. NOT the agent/API wallet. (The bot signs as the agent but trades on behalf of this account.) - Agent (API Wallet) Private Key
0x...The private key Hyperliquid showed when you Authorized your API wallet (starts with "0x"). NEVER paste your main wallet key.
Security & trust
Where your keys live
Soar passes your Hyperliquidkeys straight from your browser into YOUR Cloudflare Worker. Soar's servers see them once during the ~30-second deploy window, then never again.
The bot that talks to Hyperliquid runs on the free Cloudflare Workers tier in your own Cloudflare account. You see + control everything from your Cloudflare dashboard. You can rotate the keys, pause the bot, or destroy the Worker at any time — Soar has zero ability to undo that.
Read the full security modelSee also
Related help topics
The connect-broker wizard explained
How the full 7-step flow works, end to end.
Security & trust
Key safety, the deployment agreement, broker permissions, and what Soar can and can't do.
How the autonomous bot works
Cloudflare Workers, scheduling, signal routing, position management.
Glossary
Clear definitions for every trading term Soar uses.
