Can anyone steal my coins through API keys?

Theoretically, such a possibility, of course, exists, if you tick in API settings “Enable Withdrawals”, which we strongly recommend not to do! To protect yourself as much as possible from losing a deposit or part of it, we urge you not to pass your API keys to anyone and store them in an encrypted form or inaccessible place. Do not give access to your server to anyone. We use your API solely to issue a license to use our bot for trading in order to avoid unauthorized use of the bot with other keys. After issuing a license, your API is stored on our server in the encrypted form! You enter the secret API key in the api.ini file when preparing the bot for launch and no one except you should have access to it.