B BinanceHelper ZH EN JA KO Register on Binance
Tools FAQ Download App About Register on Binance
ZH EN JA KO

How to Create a Binance API Key

What Is an API Key

An API (Application Programming Interface) key is a pair of keys generated by Binance, consisting of an API Key and a Secret Key. Through API keys, third-party applications or your own programs can securely connect to your Binance account to perform actions like viewing account information and placing trades, without needing to log into the Binance website directly.

API keys are widely used in the following scenarios:

  • Quantitative trading: Executing strategies automatically through trading bots
  • Portfolio management: Connecting third-party asset tracking tools
  • Data analysis: Accessing market data and trading history
  • Tax reporting: Connecting cryptocurrency tax calculation tools

Prerequisites for Creating an API Key

Before creating an API key, make sure you have:

  1. Completed identity verification (KYC)
  2. Enabled two-factor authentication (2FA)
  3. A clear understanding of why you need the API and what permissions are required

Steps to Create an API Key

Creating on the Binance APP

  1. Open the Binance APP
  2. Tap the profile icon in the top left > "Security"
  3. Find the "API Management" option
  4. Tap "Create API"
  5. Choose the API type:
    • System-generated API key: Standard key pair
    • Self-generated API key (Ed25519 or RSA): For advanced users
  6. Enter a label/name for the API (e.g., "Quant Trading Bot")
  7. Complete security verification (Google Authenticator + email code + SMS code)
  8. The system generates the API Key and Secret Key

Creating on the Binance Website

  1. Log into the Binance website
  2. Click the profile icon in the top right > "API Management"
  3. Enter an API label name
  4. Click "Create API"
  5. Complete security verification
  6. Obtain the API Key and Secret Key

Saving the Keys (Extremely Important)

The Secret Key is only displayed once! After creation, you must immediately save the Secret Key in a secure location:

  • Use an encrypted password manager
  • Write it down and store in a secure location
  • Don't store it in plaintext within code
  • Don't send it via email or chat tools

If the Secret Key is lost, you can only delete the current API and create a new one.

Configuring API Permissions

After creating the API, you need to configure permissions based on your usage needs. Permission settings should follow the principle of least privilege — only enable the permissions you actually need.

Available Permission Descriptions

Permission Function Risk Level Recommendation
Read Info View account balance, trading records Low Enable as needed
Spot Trading Place orders on the spot market Medium Required for quantitative trading
Futures Trading Place orders on the futures market High Required for futures bots
Withdrawal Allow cryptocurrency withdrawal via API Very High Strongly discouraged
Margin Trading Use leverage features High Enable as needed

Permission Configuration Recommendations

Read-only (Safest):

  • Enable: Read Info
  • Suitable for: Asset tracking tools, tax reporting

Trading Use:

  • Enable: Read Info + Spot Trading
  • Suitable for: Quantitative trading bots

Absolutely Avoid:

  • Don't enable withdrawal permissions unless you fully understand the risks and genuinely need it
  • Enabling withdrawal permissions means that if the API is leaked, funds could be transferred out

Setting Up IP Whitelist (Strongly Recommended)

An IP whitelist is a critical security measure for API protection. Once set, only requests from specified IP addresses will be accepted.

Setup Method

  1. On the API Management page, find the created API
  2. Click "Edit Restrictions"
  3. Select "Restrict access to trusted IPs only"
  4. Enter the public IP address of your server or computer
  5. Save the settings

IP Whitelist Notes

  • If you use residential broadband, your IP may change and need periodic updates
  • Cloud servers (like AWS, Alibaba Cloud) for running trading bots have relatively stable IPs
  • You can add multiple IP addresses
  • Without an IP whitelist, the API may be restricted to read-only permissions

API Key Security Management

1. Don't Expose API Keys

  • Don't publish code containing API keys on platforms like GitHub
  • Use environment variables or configuration files to store keys
  • Don't share keys on public forums or social media

2. Use Environment Variables

Reference API keys via environment variables in code, rather than writing them directly:

# Good practice
API_KEY = os.environ.get('BINANCE_API_KEY')

# Bad practice
API_KEY = 'your_actual_api_key_here'

3. Rotate Keys Regularly

It's recommended to replace API keys every 3-6 months:

  1. Create a new API key
  2. Update all applications using the old key
  3. Confirm the new key works properly
  4. Delete the old API key

4. Monitor API Activity

Regularly check the API Management page for:

  • Whether API call frequency is normal
  • Whether there are unusual trading operations
  • Whether there's access from unknown IPs

5. Set Trading Limits

If the API is used for trading, you can set the following in third-party tools:

  • Maximum amount per trade
  • Daily trade count limits
  • Stop-loss protection

Deleting an API Key

If you no longer need an API key, or suspect it has been leaked, delete it immediately:

  1. Go to the API Management page
  2. Find the API to delete
  3. Click "Delete"
  4. Complete security verification
  5. The API is immediately invalidated

FAQs

Q: Is there a limit on the number of API keys? A: Yes, Binance typically limits each account to a maximum of 30 API keys. It's recommended to create different API keys for different purposes.

Q: Do API keys expire? A: API keys don't automatically expire unless you manually delete them or Binance disables them for security reasons. However, periodic replacement is recommended.

Q: Are there fee discounts for API trading? A: API trading fees are the same as regular trading, depending on your VIP level and whether you use BNB for fee deduction.

Q: What if I forgot my Secret Key? A: The Secret Key cannot be recovered. You'll need to delete the current API and create a new one.

Related Questions

Q
What Leverage Should Beginners Use for Futures Leverage recommendations for futures trading beginners, analyzing suitable scenarios and safe usage methods for different leverage levels from a risk management perspective.
Q
Which Crypto Has the Most Potential to Buy Analytical approaches and methodology for cryptocurrency investment, teaching you how to independently evaluate a coin's potential rather than recommending specific coins.
Q
How to Enable Two-Factor Authentication on Binance A comprehensive guide to setting up two-factor authentication (2FA) on Binance, including Google Authenticator, SMS verification, email verification, and more.
Q
How to Unfreeze a Frozen Binance Account A detailed guide on common reasons for Binance account freezing, the unfreezing process, and preventive measures to help users restore normal account access.
Q
What to Do If Your Binance Account Is Hacked Emergency guide: Steps to take after your Binance account is hacked, including freezing the account, contacting support, recovering the account, and preventive measures.
Q
How to Join the Binance Affiliate Program A detailed guide to the Binance affiliate program, including participation requirements, commission rates, and promotion methods.

Register on Binance now and get 20% fee discount forever

Sign up through BinanceHelper's exclusive link to automatically enjoy fee discounts

Register on Binance Download App