Atlas Sbw870763cBack to TradingHome
Help CenterMCPCoinrule MCP Permissions and Security Explained

Coinrule MCP Permissions and Security Explained

Last updated July 17, 2026

Understand Coinrule MCP Read and Write permissions, OAuth security, token access, live trading risks, and how to revoke an AI assistant.

Coinrule MCP lets you control how much access an AI assistant has to your Coinrule account. You choose between Read only and Read + Write during the OAuth connection process, and you can revoke the connection whenever needed.

The most important difference is simple: Read only lets an assistant inspect supported information, while Read + Write also gives it access to tools that can create and manage trading activity.

What permissions does Coinrule MCP use?

Coinrule MCP uses two documented OAuth scopes:

  • coinrule:read
  • coinrule:write

Read only grants coinrule:read.

Read + Write grants both coinrule:read and coinrule:write.

Permissions are approved through Coinrule's own consent screen during the connection flow.

For the full MCP documentation, visit the  Coinrule MCP documentation .

What can an AI assistant do with Read only access?

Read only allows the assistant to use supported tools for viewing information.

Documented capabilities include:

  • Listing and inspecting strategies.
  • Reading balances and holdings.
  • Viewing trades.
  • Viewing recent signals.
  • Inspecting PnL.
  • Accessing supported backtest information.

Read only does not expose write tools to the assistant.

Coinrule's documentation states that these tools are hidden entirely unless the connection has the coinrule:write scope.

For many monitoring workflows, Read only may be all you need.

What can an AI assistant do with Read + Write access?

Read + Write includes the available Read capabilities and adds access to supported Write tools.

The current MCP tools reference includes write capabilities for:

  • Validating a strategy.
  • Creating a validated strategy.
  • Creating a strategy from a plain-language prompt.
  • Updating a strategy.
  • Starting a stopped strategy.
  • Stopping or pausing a strategy.
  • Optionally closing open positions when stopping.
  • Creating custom baskets.
  • Launching baskets.
  • Running backtests.
  • Comparing backtest scenarios.

These permissions make conversational management possible, but they also make the wording of your instructions more consequential.

Can Read + Write access trade real money?

Yes, when the connection is being used with a live connected exchange or broker.

A Read + Write connection can allow an AI assistant to launch strategies that trade real funds.

Grant this permission deliberately, review your instructions carefully, and consider using paper trading while becoming familiar with AI-assisted workflows.

A useful principle is to use the lowest level of access required for your current workflow.

When you only need to inspect your account, Read only avoids exposing write tools.

When you intentionally want the assistant to create or manage supported trading automation, you can connect with Read + Write.

Coinrule's  AI trading copilots  resources provide additional context on the wider role of AI assistants in trading workflows.

How does Coinrule MCP authentication work?

Coinrule MCP uses OAuth 2.1 rather than asking you to give the AI assistant your Coinrule password or exchange API keys.

During the connection flow:

  1. Your AI client starts the Coinrule authentication process.
  2. You sign in through Coinrule.
  3. You approve the requested scope on Coinrule's consent screen.
  4. The AI client receives scoped access for the approved connection.

The assistant does not receive the password you use to sign in or your exchange API keys.

Does the MCP server have direct access to exchange keys?

No.

According to Coinrule's security documentation, the MCP server acts on your behalf through the Coinrule API.

It does not have direct access to Coinrule databases or your exchange keys.

The AI assistant therefore interacts with authorised Coinrule functions through the MCP connection rather than receiving your underlying exchange credentials.

How are MCP access tokens protected?

Coinrule documents several elements of the MCP access model:

  • Access is scoped according to the permissions you approve.
  • Access tokens are short-lived.
  • Refresh tokens rotate.
  • Requests are rate-limited per user.

These controls form part of the documented MCP security model.

How do you revoke an AI assistant's Coinrule access?

To remove a connection:

  1. Open Settings → Integrations in the Coinrule web app.
  2. Review the connected assistants.
  3. Find the connection you want to remove.
  4. Select Revoke.

The integrations view shows information about connected assistants and their access.

Revoking a connection cuts off access, and the connection's existing tokens stop working.

What are the best practices for Coinrule MCP permissions?

Start with Read only when possible

If you are primarily exploring MCP or asking questions about your account, Read only gives you access to supported monitoring information without exposing write tools.

Use Read + Write deliberately

Only enable write permission when you want the assistant to perform supported actions that require it.

Be clear about paper versus live trading

When asking an assistant to perform an action, specify whether you intend to use paper or live execution where relevant.

Review consequential instructions

An ambiguous request can be interpreted differently from what you intended.

Be specific about details such as the venue, capital amount, strategy, and paper or live trading when these details affect the requested action.

Revoke connections you no longer use

You remain in control of active connections through Settings → Integrations.

For setup instructions, see  How to Connect Your AI Assistant to Coinrule MCP .

You can also explore the  Coinrule MCP overview  or learn more about  AI trading .

Frequently asked questions

Is Read only enough to monitor my Coinrule account?

For the documented monitoring tools, yes.

Read access covers supported information including strategies, balances, holdings, trades, signals, and PnL.

Can a Read only assistant place a trade?

Write tools are hidden unless coinrule:write has been granted.

Does Read + Write always mean real trading?

Not necessarily. Write-enabled workflows can also use paper trading.

However, when the assistant operates on a connected live venue, write access can be used for actions that trade real funds.

Can I revoke access immediately?

Yes. Revoke the connection through Settings → Integrations.

Source:  Coinrule MCP documentation 

Was this article helpful?