How to Create a Binance API Key
What Are API Keys and Their Use Cases
An API Key is an authorization credential that allows third-party programs or tools to access your Binance account on your behalf. Through the API, you can implement automated trading, connect quantitative trading bots, use third-party market analysis tools, or integrate your Binance account with tax calculation software.
Common use cases include: connecting quantitative trading bots (such as 3Commas, Pionex, etc.) for automated trading strategies; integrating with trading terminals (like TradingView) to place orders directly from charts; using tax software to automatically import trading records and calculate gains/losses; and developing your own trading programs that interact with Binance through the API interface.
Each API key consists of two parts: the API Key (public key) and the Secret Key (private key). The API Key identifies who you are, while the Secret Key signs requests to verify that operations genuinely come from you. The Secret Key is only displayed once at creation time and cannot be viewed afterward — you must save it securely immediately upon creation.
Steps to Create an API Key
Here's the process for creating an API key on the official Binance platform.
Step 1: Navigate to the API Management Page. Log in to the Binance web interface, hover over the user icon in the upper right corner, and find "API Management" in the dropdown menu. If using the Binance App, you can find the API Management entry in account settings or security settings.
Step 2: Create a New API Key. On the API Management page, enter a label name (to distinguish keys for different purposes, such as "Quantitative Trading" or "Market Monitoring"), then click the "Create API" button. The system will require you to complete security verification (email verification code, SMS code, Google Authenticator, etc.).
Step 3: Save the Secret Key. After passing verification, the system will display both the API Key and Secret Key simultaneously. Make sure to immediately copy the Secret Key and store it securely, as it cannot be viewed again after you close the page. It's recommended to use a password manager for storage — do not save it in plain text files or send it through messaging apps.
Step 4: Configure Permissions. After creation, only "Read" permission is enabled by default. You'll need to manually enable additional permissions based on your actual needs.
Permission Settings and Security Recommendations
Permission settings are the core of API key security management, and configuring them according to the principle of least privilege is essential.
Read Only Permission. Allows querying account balances, trade history, market data, and other information. If you're only connecting market analysis tools or tax software, enabling read-only permission is sufficient.
Spot & Margin Trading Permission (Enable Spot & Margin Trading). Allows placing spot and margin trade orders through the API. This permission is typically needed when connecting quantitative trading bots.
Futures Trading Permission (Enable Futures). Allows futures trading through the API. If your trading bot needs to operate on futures, this must be enabled separately.
Withdrawal Permission (Enable Withdrawals). Allows initiating withdrawals through the API. Unless you have very specific needs, it is strongly recommended NOT to enable this permission. If an API key with withdrawal permission is compromised, an attacker can directly transfer your assets.
IP Whitelist Restriction. Binance allows you to set an IP whitelist for each API key, so only requests from specified IP addresses will be executed. If you're running a trading bot on a server with a fixed IP, always set up an IP whitelist. This is the most effective measure against API key misuse after a leak. If no IP whitelist is configured, API keys will expire after 90 days by default.
Security summary: only grant the minimum necessary permissions, always set an IP whitelist, securely store the Secret Key and never share it, and regularly review and rotate API keys that are no longer in use.