You need to make sure that the API key is marked as Readonly. This should
mean that the API key can only be used to retrieve account status, and it should not be possible
to perform trades or withdraw funds using that key.
Your Bit2c keys and secrets will never be displayed on the CryptFolio site, even if you have logged in.
Through the Bit2c interface you can revoke a set of API keys' access at any time by
going to your API page and clicking the delete button after below the API key.
Alternatively, you can disable access by clicking the edit button, unselecting the "Is Active" checkbox and clicking Save.