diff --git a/backend/api/routes/account.py b/backend/api/routes/account.py
index f2aa49b..31d8663 100644
--- a/backend/api/routes/account.py
+++ b/backend/api/routes/account.py
@@ -27,8 +27,8 @@ async def _ensure_exchange_sltp_for_symbol(symbol: str, account_id: int = 1):
     """
     # 从 accounts 表读取账号私有API密钥
     account_id_int = int(account_id or 1)
-    api_key, api_secret, use_testnet = Account.get_credentials(account_id_int)
-    if not api_key or not api_secret:
+    api_key, api_secret, use_testnet, status = Account.get_credentials(account_id_int)
+    if (not api_key or not api_secret) and status == "active":
         logger.error(f"[account_id={account_id_int}] API密钥未配置")
         raise HTTPException(status_code=400, detail=f"API密钥未配置（account_id={account_id_int}）")
 
diff --git a/backend/database/models.py b/backend/database/models.py
index 9f5ac0d..3ceced3 100644
--- a/backend/database/models.py
+++ b/backend/database/models.py
@@ -101,19 +101,20 @@ class Account:
             return "", "", False
         try:
             from security.crypto import decrypt_str
-
+            status = row.get("status") or "active"
             api_key = decrypt_str(row.get("api_key_enc") or "")
             api_secret = decrypt_str(row.get("api_secret_enc") or "")
         except Exception:
             # 兼容：无 cryptography 或未配 master key 时：
             # - 若库里是明文，仍可工作
             # - 若库里是 enc:v1 密文但未配 ATS_MASTER_KEY，则不能解密，也不能把密文当作 Key 使用
+            status = "disabled"
             api_key_raw = row.get("api_key_enc") or ""
             api_secret_raw = row.get("api_secret_enc") or ""
             api_key = "" if str(api_key_raw).startswith("enc:v1:") else str(api_key_raw)
             api_secret = "" if str(api_secret_raw).startswith("enc:v1:") else str(api_secret_raw)
         use_testnet = bool(row.get("use_testnet") or False)
-        return api_key, api_secret, use_testnet
+        return api_key, api_secret, use_testnet, status
 
 
 class User: