Broker setup
Connect Interactive Brokers
0 steps0 fields
Step by step
Getting your Interactive Brokers API keys
Permissions
What to enable — and what to leave OFF
✓Enable these
No permissions required.
✕Never enable these
None — this broker does not expose a withdraw permission on this API.
Why this matters:Soar only ever needs read + place-order permissions. If you give a key withdraw or transfer access, anyone with that key could move funds — including a security risk if your machine is ever compromised. Disabling withdraw on the key itself means even a worst-case leak can't drain your account.
What you paste
The fields Soar asks for
Security & trust
Where your keys live
Soar passes your Interactive Brokerskeys straight from your browser into YOUR Cloudflare Worker. Soar's servers see them once during the ~30-second deploy window, then never again.
The bot that talks to Interactive Brokers runs on the free Cloudflare Workers tier in your own Cloudflare account. You see + control everything from your Cloudflare dashboard. You can rotate the keys, pause the bot, or destroy the Worker at any time — Soar has zero ability to undo that.
Read the full security model →See also
Related help topics
The connect-broker wizard explained
How the full 7-step flow works, end to end.
Security & trust
Op 18 / key safety / attestation / what Soar can and can't do.
How the autonomous bot works
Cloudflare Workers, scheduling, signal routing, position management.
Glossary
Plain-English definitions for every trading term Soar uses.