| Purpose | The key is not needed for the paper workflow, or the separate tool has a clear read-only need. | The product asks for a key before explaining why paper review needs it. | Use the no-key workflow first. |
| Permission scope | Read-only if absolutely required by a separate external tool. | Trade, withdrawal, transfer, margin, futures, or live order permissions. | Reject the setup for paper review. |
| Storage | The key is stored only in a proper secret manager or exchange tool settings. | The key appears in screenshots, logs, prompts, spreadsheets, or support messages. | Rotate the key and remove the leaked copy. |
| Network restrictions | The exchange supports IP restrictions and the user understands the allowed source. | The key is long-lived and usable from any network. | Prefer no key or tighten restrictions before use. |
| Rotation | The key can be disabled quickly and has a documented owner. | No one knows where the key is used or how to revoke it. | Create a rotation note before any experiment continues. |
| Paper boundary | The paper journal remains separate from live balances and execution. | Paper wins are used as an argument to increase live exposure. | Return to paper-trading limitations and readiness review. |