Broker setup
Connect Interactive Brokers
0 steps0 fields
Step by step
Getting your Interactive Brokers API keys
Permissions
What to enable — and what to leave OFF
✓Enable these
No permissions required.
✕Never enable these
None — this broker does not expose a withdraw permission on this API.
Why this matters: Soar only ever needs read + place-order permissions. If you give a key withdraw or transfer access, anyone with that key could move funds — including a security risk if your machine is ever compromised. Disabling withdraw on the key itself means even a worst-case leak can't drain your account.
What you paste
The fields Soar asks for
Security & trust
Where your keys live
Soar passes your Interactive Brokerskeys straight from your browser into YOUR Cloudflare Worker. Soar's servers see them once during the ~30-second deploy window, then never again.
The bot that talks to Interactive Brokers runs on the free Cloudflare Workers tier in your own Cloudflare account. You see + control everything from your Cloudflare dashboard. You can rotate the keys, pause the bot, or destroy the Worker at any time — Soar has zero ability to undo that.
Read the full security modelSee also
Related help topics
The connect-broker wizard explained
How the full 7-step flow works, end to end.
Security & trust
Key safety, the deployment agreement, broker permissions, and what Soar can and can't do.
How the autonomous bot works
Cloudflare Workers, scheduling, signal routing, position management.
Glossary
Clear definitions for every trading term Soar uses.
