SoarSoar
Broker setup

Connect Robinhood Crypto

6 steps2 fields

Soar makes the security key for you, all inside your browser. Your private key never leaves your device — Robinhood only sees the public half.

Step by step

Getting your Robinhood Crypto API keys

  1. 1
    Open Robinhood on a DESKTOP computer
    The Robinhood mobile app does not show this menu. You must use a desktop or laptop browser.
  2. 2
    Navigate to Crypto API credentials
    Sign in, then go to Account → Crypto → API credentials.
  3. 3
    Let Soar generate a security key
    Robinhood needs you to bring your own security key. In Soar, tap "Generate key" — Soar creates one safely in your browser. You get a public half (safe to share) and a private half (keep secret).
  4. 4
    Paste the PUBLIC key into Robinhood
    Tap "Add key" on the Robinhood page. Paste the PUBLIC half from Soar — your private key stays on your device. Robinhood never sees it.
  5. 5
    Pick what the key can do
    • Order placement
    • Account read
    • Holdings
  6. 6
    Copy the Key ID back to Soar
    Robinhood returns an API Key ID. Paste it below along with your private key from Soar.
Permissions

What to enable — and what to leave OFF

Enable these
  • Order placement
  • Account read
  • Holdings
Never enable these
  • (Robinhood has no "withdraw" option for this API)
Why this matters:Soar only ever needs read + place-order permissions. If you give a key withdraw or transfer access, anyone with that key could move funds — including a security risk if your machine is ever compromised. Disabling withdraw on the key itself means even a worst-case leak can't drain your account.
What you paste

The fields Soar asks for

  • API Key ID
    paste the Key ID Robinhood gave you
    The ID Robinhood returned after you submitted the public key.
  • Private Key
    Soar fills this in automatically when you tap "Generate keypair" above
    The private half of the key Soar made for you. Soar auto-fills this when you generate a keypair — do not edit.
    Soar auto-fills this — you don't paste anything in.
Security & trust

Where your keys live

Soar passes your Robinhood Cryptokeys straight from your browser into YOUR Cloudflare Worker. Soar's servers see them once during the ~30-second deploy window, then never again.

The bot that talks to Robinhood Crypto runs on the free Cloudflare Workers tier in your own Cloudflare account. You see + control everything from your Cloudflare dashboard. You can rotate the keys, pause the bot, or destroy the Worker at any time — Soar has zero ability to undo that.

Read the full security model →
See also

Related help topics