Broker Credential Safety
Credential safety
Broker credentials are sensitive. Stockey support, docs feedback, AI-assisted prompts, and screenshots should not include secrets.
Do not send broker passwords, OTPs, full API secrets, full access tokens, trading PINs, private keys, or full .env files.
What not to send
- Broker password: Share the broker name and safe error text instead.
- OTP: Describe the step where OTP was requested instead.
- Full API secret: Use a redacted prefix or placeholder instead.
- Full access token: Share token status only, not the token value.
- Unredacted screenshot: Remove secrets, QR codes, account IDs, and private URLs first.
Temporary historical-data sessions
The user chooses broker historical-data setup for a specific workflow.
Broker authentication, permissions, tokens, and availability remain broker-controlled.
The session is intended for user-requested historical data and setup checks.
The user reviews the test, report, availability result, or export preparation output.
Temporary session material should expire or be removed after the user-requested workflow.
Cleanup expectations
| Data type | Default handling expectation |
|---|---|
| Broker passwords and API secrets | Do not store permanently by default. |
| Access tokens | Session-limited and removed after the historical-data workflow or explicit disconnect. |
| Broker historical candles | Temporary for the selected test/export workflow unless the user saves a report that needs derived results. |
| Support screenshots | Redacted before sending and retained only for support, security, or legal needs. |
Exported package credentials
Generated packages should use placeholders. Users configure actual values in their own environment after download.
```
BROKER_NAME=zerodha
BROKER_API_KEY=your_local_key_here
BROKER_ACCESS_TOKEN=your_local_token_here
DRY_RUN=true
LIVE_TRADING_ENABLED=false
```
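One way to apply both the "What not to send" guidance and the placeholder rule to a `.env` file, as an added example that is not Stockey's own code. The secret-name word list, the `your_..._here` placeholder pattern, the function names, and the sample values are assumptions made for illustration.

```python
import re

# Assumption: a key whose name contains one of these words holds a secret.
# Substring matching over-redacts on purpose (e.g. PING_URL is hidden too).
SECRET_WORDS = ("KEY", "SECRET", "TOKEN", "PASSWORD", "PIN", "OTP")
# Assumption: placeholders look like "your_..._here", as in the file above.
PLACEHOLDER = re.compile(r"your_\w+_here")
ASSIGNMENT = re.compile(r"\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*?)\s*")

# Constructed sample input; none of these values are real credentials.
SAMPLE = """BROKER_NAME=zerodha
BROKER_API_KEY=kx81constructedvalue
BROKER_ACCESS_TOKEN="constructed-token-value"
TRADING_PIN=
DRY_RUN=true
-----BEGIN PRIVATE KEY-----
"""

def parse(text):
    """Yield (key, value, is_secret); key is None for lines that are not KEY=VALUE."""
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ASSIGNMENT.fullmatch(line)
        if m is None:
            yield None, line, True  # may be key material or a comment holding a secret
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        yield key, value, any(w in key.upper() for w in SECRET_WORDS)

def status(value):
    """Describe a secret value without revealing any part of it."""
    if not value:
        return "<empty>"
    return "<placeholder>" if PLACEHOLDER.fullmatch(value) else "<set, redacted>"

def sanitize_env(text):
    """Return .env text that is safe to paste into a support request."""
    out = []
    for key, value, secret in parse(text):
        out.append("<line removed>" if key is None
                   else f"{key}={status(value) if secret else value}")
    return "\n".join(out)

def live_secrets(text):
    """Secret keys holding real values; a generated package should give []."""
    return [k for k, v, s in parse(text)
            if k and s and v and not PLACEHOLDER.fullmatch(v)]
```

`sanitize_env` reports token status only, and `live_secrets` can gate a package export by failing when the list is not empty.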
Safe screenshot sharing
- Remove tokens, account IDs, QR codes, OTP prompts, and private URLs.
- Share the route, browser, broker name, and sanitized error text.
- Use support only for product guidance and setup checklists.
Support boundaries
| Support can help with | Support cannot handle |
|---|---|
| Product navigation | Broker account operation |
| Data setup checklist | Credentials or OTPs |
| Error interpretation | Urgent market-position help |
| Export setup guidance | Trading decisions |
Checklist
- Secrets removed.
- Error text copied safely.
- Broker name included.
- Route and timestamp included.
- Screenshot redacted.