This is nice, cool HTML skills so far.
But tell me, since you have access to the API credentials of your 'free customers', what would stop a hacker from misusing the system to make unauthorized payments using those credentials?
Is that completely off the table with your little website?
Great question. You are encouraged to provide "VIEW ONLY" API keys to coingarden.ca
Any exchange worth its salt will allow you to set permission on the API key that provide balance info, but DO NOT allow withdrawal.
It is up to you to check and decide whether your exchange host provides sufficient security in this regard.
In my experience, 95% of exchanges prevent moving of funds by setting the API key permissions limited to balance information.
You will see permission options at some point during key creation in the settings on your exchange site. If you don't see any option or cannot figure it out, then delete your key and reply here and I will look into it.