Documentation Index
Fetch the complete documentation index at: https://docs.tangerine.exchange/llms.txt
Use this file to discover all available pages before exploring further.
Tangerine is Non-Custodial
Tangerine never holds your funds. All assets remain on the underlying perp DEX platform (Hyperliquid, Aster, Lighter, etc.). Tangerine is an interface — it submits orders on your behalf, but the assets, account, and custody stay with the platform.What Tangerine Can Do
| Action | Via | Notes |
|---|---|---|
| Place, modify, cancel orders | Agent/signer key | Signed locally in your browser |
| Adjust leverage | Agent/signer key | Signed locally |
| View positions and balances | Platform API | Read-only, no signature needed |
| Deposit to platform | Your main wallet | You sign the deposit transaction |
What Tangerine Cannot Do
| Action | Why Not |
|---|---|
| Withdraw your funds | Agent/signer keys don’t have withdrawal permissions — only your main wallet can withdraw |
| Transfer assets to other addresses | Same reason — withdrawal-type actions require the main wallet |
| Access your main wallet private key | Tangerine only requests signatures, never the private key itself |
| Decrypt your stored keys without your wallet | Encryption key is derived from your wallet signature — Tangerine can’t derive it on your behalf |
The Agent Key Model (Hyperliquid)
On Hyperliquid, Tangerine uses an agent wallet — a key you authorize to trade on your account but not to withdraw. This is a native Hyperliquid feature. If you wanted to verify this yourself:- Go to Hyperliquid’s native interface
- Open your account’s API/agent settings
- You’ll see “Tangerine” listed as an authorized agent with trade-only permissions
The API Signer Model (Aster)
Aster’s API signer key is scoped to order submission. It cannot initiate withdrawals. Aster’s protocol enforces this at the smart contract level.Browser as the Trust Boundary
The security model assumes your browser is the trust boundary:- If someone has physical access to your computer and your browser storage is unencrypted at the OS level — they may be able to extract keys from localStorage (Layer 2)
- IndexedDB keys are encrypted with your wallet signature, so they’re safe even if the database file is copied
- Memory keys (Layer 3) are only accessible while the browser tab is open and require OS-level memory access to extract
- Use a hardware wallet for the signing wallet (all encryption/decryption still happen in browser, but the wallet signature requires physical confirmation)
- Enable full-disk encryption on your computer
- Don’t leave Tangerine tabs open on shared or untrusted machines
Tangerine’s non-custodial design means we cannot recover your keys if you lose access to your wallet. Keep your wallet’s seed phrase safe — it’s the root of trust for everything.