When you want to use a trading bot for automated orders, connect a third-party tool for portfolio analysis, or write your own program to pull market data, you'll need the Binance API. An API is essentially a "key" that you hand to a program, allowing it to perform specific actions on your behalf.
If you don't have a Binance account, sign up through the Binance website — the link includes a fee discount. If you prefer mobile, you can also download the Binance App to complete registration and setup.
What Are the API Key and Secret Key
When you create an API, you receive two things:
- API Key: Acts as your username — it tells Binance "who is making this request"
- Secret Key: Acts as your password — it verifies that the request actually came from you
Both values work together for your program to interact with your Binance account via the API. The Secret Key is displayed only once at creation — it can never be viewed again. Save it immediately when it appears.
Prerequisites for Creating an API Key
Before creating an API, your account must meet these requirements:
- Identity verification (KYC) completed
- Two-factor authentication enabled (Google Authenticator recommended)
- Account in good standing with no security restrictions
If all of these are in place, you're ready to create.
Step-by-Step: Creating an API Key
Step 1: Find the API Management page
Log in to Binance on desktop, click your profile icon in the top-right corner, and select "API Management" from the dropdown. You can also search for "API" in the top search bar to jump directly there.
Step 2: Name your API
On the API Management page, enter a label in the text field — something like "Quant Bot" or "Market Reader." This name is just for your own reference and doesn't affect functionality. Then click "Create API."
Step 3: Complete security verification
The system will ask for two-factor verification — typically an email code plus a Google Authenticator code. Follow the prompts.
Step 4: Save the Secret Key
After verification, the page displays both the API Key and Secret Key. This is the only time the Secret Key will be shown in full. Copy it immediately and store it somewhere secure — like a password manager. Never screenshot and send it to anyone, and don't save it in chat histories.
Configuring API Permissions
After creating your API Key, the most critical next step is setting permissions. By default, a new API Key only has "Read" permission. You need to manually enable others based on your use case:
Read permission (enabled by default)
Allows querying account balances, order history, market data, etc. If you only want to use a third-party tool for portfolio analysis, this permission alone is sufficient.
Trading permission
Allows placing, canceling, and modifying orders via API. Required for running quantitative trading bots. Once enabled, the program can automatically buy and sell on your account.
Withdrawal permission
Allows initiating withdrawals via API. Unless you're absolutely certain you need this, it is strongly recommended to keep it disabled. The vast majority of use cases don't require it. If your API Key is compromised and withdrawal permission is enabled, your funds could be transferred out.
The principle for permission configuration is "least privilege": Only enable what the program actually needs. If it doesn't need it, don't turn it on.
Setting Up an IP Whitelist
This is a step many people skip but is extremely important. An IP whitelist means only specific IP addresses can use this API Key.
Why set an IP whitelist?
Without a whitelist, anyone who obtains your API Key and Secret Key can access your account from anywhere. With a whitelist, even if your keys are leaked, the attacker can't use them because their IP isn't on the list.
How to set it up:
- On the API detail page, find the "IP Access Restriction" option
- Select "Restrict access to trusted IPs only"
- Enter your server's IP address or your local IP address
- Save the settings
If you're running programs on your local computer, enter your public IP (search "what is my IP" in any search engine). If you're using a cloud server, enter the server's IP.
Note: If your IP is dynamic (most residential broadband is), you'll need to update the whitelist every time it changes. In this case, using a cloud server with a static IP is much more convenient.
Testing the Connection
After configuration, run a simple test to confirm the API works correctly.
Here's a basic Python example:
from binance.client import Client
api_key = 'your_API_Key'
api_secret = 'your_Secret_Key'
client = Client(api_key, api_secret)
# Test connection: get account info
account = client.get_account()
print(account['balances'][:5]) # Print first 5 token balances
If it returns account balance information, the API is set up correctly. Common error causes include:
- Secret Key was copied incorrectly (extra spaces or missing characters)
- Your IP isn't on the whitelist
- Required permissions aren't enabled
- System clock is out of sync (API requests have strict timestamp requirements — a clock offset of more than a few seconds will fail)
API Security Best Practices
API security cannot be overstated. A leaked key with improper permissions can result in immediate, irreversible losses.
Things you should NEVER do:
- Don't put API Key and Secret Key in public code repositories (there are many cases of funds lost this way on GitHub)
- Don't send keys through chat apps like WeChat, Telegram, etc.
- Don't grant trading and withdrawal permissions to untrusted third-party tools
Security measures you SHOULD take:
- Store keys in environment variables or config files — never hardcode them
- Rotate API Keys periodically and delete old ones you no longer use
- Set up an IP whitelist
- Disable permissions you don't need
- Enable Binance's API trading risk alerts
FAQ
Q: How many API Keys can one account create?
Regular users can typically create up to 30 API Keys. VIP users have higher limits.
Q: Do API Keys expire?
There's no default expiration, unless you manually delete them or trigger a security alert. However, if an API Key hasn't been used for 90 days, Binance may automatically deactivate it.
Q: Are API trading fees the same as manual trading?
Yes — fees are based on your VIP level and whether you've enabled BNB fee deduction. It doesn't matter whether the order was placed via API or manually.
The API is a powerful tool, but with great power comes great responsibility. When using it for the first time, test with small amounts to confirm everything works properly before scaling up your trading.