Here is the discussion - edited for brevity but you can follow the links to see the context - that lead to me posting negative trust for the OP:
Lenders keep control of their funds via API KEY. Basically is RISK FREE , they could run away with all profits eventually.
That's not "control," and is completely false and misleading. An API key is not the same thing as a private key.
Secondly, an API KEY, based on its privileges, can act as a private key because it can be enabled for withdraw.
Stop talking nonsense. It depends on trusting your service, it's nothing like e.g. a Bitcoin private key.
Can an api key act as a private key? YES
Since the OP never mentioned this being a Bitmex API key (not an API key to the OP's own service), i.e. Bitmex controls the private keys, I'd be willing to revise my feedback if the OP removes all references to the API key acting "as a private key" and makes it perfectly clear that the counterparty risk lies
with Bitmex AND with the OP's service.