Back to Blog
AI & Technology30 min read
How to Get API Keys for Cryptocurrency Exchanges: Complete Guide for Binance, KuCoin, Bybit & 9 More Exchanges
API keys are essential credentials that allow trading bots and automated systems to interact with cryptocurrency exchanges programmatically. This comprehensive guide provides detailed, step-by-step instructions for creating API keys on 12 major cryptocurrency exchanges, ensuring you can set up automated trading securely and efficiently.
Table of Contents
Introduction
API keys are essential credentials that allow trading bots and automated systems to interact with cryptocurrency exchanges programmatically. This comprehensive guide provides detailed, step-by-step instructions for creating API keys on 12 major cryptocurrency exchanges, ensuring you can set up automated trading securely and efficiently.
Why You Need API Keys
- Automated Trading: Enable trading bots to execute trades on your behalf
- Portfolio Management: Access account balances and trading history programmatically
- Market Analysis: Fetch real-time market data and historical information
- Risk Management: Monitor positions and implement automated risk controls
Exchanges Covered
- • Binance
- • KuCoin
- • Bybit
- • Bitget
- • Crypto.com Exchange
- • Gate.io
- • HTX (Huobi)
- • MEXC
- • OKX
- • Kraken
- • Gemini
- • Coinbase Exchange
Understanding API Keys
What Are API Keys?
API (Application Programming Interface) keys are unique identifiers that authenticate your application's requests to an exchange's servers. They consist of:
API Key
Public identifier (like a username) - can be shared
API Secret
Private key used for signing requests (like a password) - must be kept secret
Passphrase
Additional security layer (like a PIN) - required by some exchanges
API Key Permissions
Read: View account balances, trading history, and market data
Trade: Place buy/sell orders and manage positions
Withdraw: Transfer funds out of your account (NEVER enable for trading bots)
Critical Security Rule: Only enable the minimum permissions required. For trading bots, enable "Read" and "Trade" only. Never enable "Withdraw" permissions.
Security Best Practices
Before creating API keys, follow these essential security practices:
1. Enable Two-Factor Authentication (2FA)
- Required: Enable 2FA on your exchange account before creating API keys
- Methods: Google Authenticator, Authy, or SMS-based 2FA
- Why: Adds an extra layer of security to your account
2. Use IP Whitelisting
- What: Restrict API key access to specific IP addresses
- How: Add your server's IP address to the whitelist
- Benefit: Prevents unauthorized access even if keys are compromised
3. Set Appropriate Permissions
- Enable: Read and Trade permissions
- Disable: Withdraw permissions (critical security measure)
- Reason: Trading bots don't need withdrawal access, and this prevents fund theft
4. Store Credentials Securely
- Never share API keys publicly
- Never commit keys to version control (Git)
- Use secure password managers
- Remember: Some exchanges show secrets only once - save them immediately
5. Regular Security Audits
- Review API key usage regularly
- Delete unused or compromised keys immediately
- Rotate keys periodically (every 90 days recommended)
Exchange-Specific Guides
Binance
Website: binance.com | Passphrase Required: No
Prerequisites
- Enabled two-factor authentication (2FA) on your account
- Made a deposit to your Spot Wallet (any amount)
- Completed identity verification (KYC)
Step-by-Step Instructions
- Step 1: Access API Management
- Log in to your Binance account
- Click the profile icon in the top right corner
- Select [Account] from the dropdown menu
- Navigate to [API Management]
- Step 2: Create API Key
- Click [Create API] button
- Choose your preferred API key type:
- System-generated API key (Recommended): Uses HMAC symmetric encryption
- Self-generated API key: Uses Ed25519 or RSA asymmetric encryption
- Step 3: Configure API Key
- Enter a label/name for your API key (e.g., "Trading Bot - Production")
- Select permissions:
- Enable: "Enable Spot & Margin Trading"
- Disable: "Enable Withdrawals" (Critical: Never enable this)
- Step 4: Complete Security Verification
- Verify with your 2FA device (Google Authenticator, SMS, etc.)
- Enter your passkey if prompted
- Complete any additional security checks
- Step 5: Save Your Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Store them securely (they won't be shown again)
- Click "Done" to complete the process
KuCoin
Website: kucoin.com | Passphrase Required: Yes
⚠️ CRITICAL: KuCoin requires a passphrase. Write it down immediately - you cannot use the API without it, and it cannot be recovered if lost.
Step-by-Step Instructions
- Step 1: Access API Management
- Log in to www.kucoin.com
- Click your avatar in the top right corner
- Select "API Management" from the dropdown
- Click "Create API"
- Step 2: Choose API Type
- Select "API Trading" for trading bot usage
- Step 3: Configure API Details
- Enter an API name (e.g., "Trading Bot")
- Create and enter an API passphrase:
- ⚠️ CRITICAL: Write down your passphrase immediately
- Store it securely - you'll need it for API authentication
- The passphrase cannot be recovered if lost
- Select API permissions:
- Recommended: "General" permissions (includes read and trade)
- Never enable: "Withdraw" permissions
- Step 4: Complete Security Verification
- Enter your trading password
- Enter email verification code (check your email)
- Enter Google verification code (from your 2FA app)
- Step 5: Confirm and Save
- Review all settings carefully
- Click "Confirm" to complete creation
- Immediately copy:
- API Key
- Secret Key
- Passphrase
Bybit
Website: bybit.com | Passphrase Required: No
⚠️ Important Limitations:
- API key creation is only available via the Bybit website (not the mobile app)
- New users may be restricted from creating API keys for the first 48 hours after registration
Step-by-Step Instructions
- Step 1: Access API Management
- Log in to www.bybit.com
- Click the human icon (profile) in the top right corner
- Navigate to "Account & Security" → "API Management"
- Alternatively, go directly to:
https://www.bybit.com/app/user/api-management
- Step 2: Create New API Key
- On the API Management page, locate "Create New Key" button (right side)
- Click "Create New Key"
- Step 3: Configure API Key
- Enter API key name (e.g., "Trading Bot")
- Select permissions:
- Enable: "Read" permission
- Enable: "Trade" permission
- Disable: "Withdraw" permission (Never enable)
- IP whitelist (Recommended):
- Add your server's IP address for enhanced security
- Leave blank for unrestricted access (less secure)
- Step 4: Complete Security Verification
- Enter your Google Authenticator 2FA code
- Click "Next Step" to proceed
- Review all settings
- Step 5: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Store them securely
- Click "Confirm" to complete
Bitget
Website: bitget.com | Passphrase Required: Yes
⚠️ CRITICAL: Bitget requires a passphrase. Save it immediately - it's required for API access and cannot be recovered if lost.
Prerequisites
- Active Bitget account
- 2FA enabled
Step-by-Step Instructions
- Step 1: Access API Management
- Log in to your Bitget account
- Navigate to Account → API Management
- Click "Create API"
- Step 2: Configure API Details
- Enter an API name (e.g., "Trading Bot")
- Create and enter a passphrase:
- ⚠️ Save your passphrase immediately - it's required for API access
- Store it securely - it cannot be recovered
- Select permissions:
- Enable: "Read" permission
- Enable: "Trade" permission
- Disable: "Withdraw" permission
- Step 3: Complete Security Verification
- Complete the security verification process
- This may include 2FA, email verification, or SMS verification
- Step 4: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Copy your Passphrase immediately
- Store all three securely
Crypto.com Exchange
Website: crypto.com/exchange | Passphrase Required: No
Prerequisites
- Active Crypto.com Exchange account
- 2FA enabled
Step-by-Step Instructions
- Step 1: Access API Settings
- Log in to Crypto.com Exchange
- Navigate to Settings → API Keys
- Click "Create API Key"
- Step 2: Configure API Key
- Enter a key name (e.g., "Trading Bot")
- Select permissions:
- Enable: "Trade" permission
- Disable: "Withdraw" permission (Never enable)
- Step 3: Complete 2FA Verification
- Enter your 2FA code from your authenticator app
- Complete any additional security checks
- Step 4: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Store them securely
Gate.io
Website: gate.io | Passphrase Required: No
Prerequisites
- Active Gate.io account
- 2FA enabled (recommended)
Step-by-Step Instructions
- Step 1: Access API Management
- Log in to Gate.io
- Navigate to Account → API Management
- Click "Create API Key"
- Step 2: Configure API Key
- Enter an API name (e.g., "Trading Bot")
- Select permissions:
- Enable: "Read" permission
- Enable: "Trade" permission
- Disable: "Withdraw" permission
- Step 3: Complete Security Verification
- Complete the security verification process
- This may include 2FA, email verification, or SMS
- Step 4: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Store them securely
HTX (Huobi)
Website: htx.com | Passphrase Required: No
Prerequisites
- Active HTX account
- 2FA enabled
Step-by-Step Instructions
- Step 1: Access API Management
- Log in to HTX
- Navigate to Account → API Management
- Click "Create API Key"
- Step 2: Configure API Key
- Enter an API name (e.g., "Trading Bot")
- Select permissions:
- Enable: "Read" permission
- Enable: "Trade" permission
- Disable: "Withdraw" permission
- Step 3: Complete Security Verification
- Complete the security verification process
- Enter 2FA code if required
- Step 4: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Store them securely
MEXC
Website: mexc.com | Passphrase Required: No
Prerequisites
- Active MEXC account
- 2FA enabled
Step-by-Step Instructions
- Step 1: Access API Management
- Log in to MEXC
- Navigate to Account → API Management
- Click "Create API"
- Step 2: Configure API Key
- Enter an API name (e.g., "Trading Bot")
- Select permissions:
- Enable: "Read" permission
- Enable: "Trade" permission
- Disable: "Withdraw" permission
- Step 3: Complete Security Verification
- Complete the security verification process
- Enter 2FA code if required
- Step 4: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Store them securely
OKX
Website: okx.com | Passphrase Required: Yes
⚠️ CRITICAL: OKX requires a passphrase. Save it immediately - it's mandatory and shown only once. You'll need it for all API requests.
Prerequisites
- Active OKX account
- 2FA enabled
Step-by-Step Instructions
- Step 1: Access API Management
- Log in to OKX
- Navigate to Account → API → Create API Key
- Click "Create API Key"
- Step 2: Configure API Key
- Enter an API key name (e.g., "Trading Bot")
- Create and enter a passphrase:
- ⚠️ CRITICAL: Save your passphrase immediately
- You'll need it for all API requests
- It cannot be recovered if lost
- Select permissions:
- Enable: "Trade" permission
- Disable: "Withdraw" permission (Never enable)
- Step 3: Complete Security Verification
- Complete the security verification process
- Enter 2FA code from your authenticator app
- Step 4: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Copy your Passphrase immediately
- Store all three securely
Kraken
Website: kraken.com | Passphrase Required: No
Prerequisites
- Active Kraken account
- 2FA enabled (required for API key creation)
Step-by-Step Instructions
- Step 1: Access API Settings
- Log in to Kraken
- Navigate to Settings → API
- Click "Generate API Key"
- Step 2: Configure API Key
- Enter a key name (e.g., "Trading Bot")
- Select permissions:
- Enable: "Query Funds" permission (for balance checks)
- Enable: "Create & Modify Orders" permission (for trading)
- Disable: "Withdraw Funds" permission (Never enable)
- Step 3: Complete 2FA Verification
- Enter your 2FA code from your authenticator app
- Complete any additional security checks
- Step 4: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Store them securely
Gemini
Website: exchange.gemini.com | Passphrase Required: No
Note: Gemini recommends all API keys be restricted to trusted IPs only. IP restrictions are highly recommended for security.
Prerequisites
- Active Gemini account
- 2FA enabled
Step-by-Step Instructions
- Step 1: Access API Settings
- Log in to Gemini Exchange
- Navigate to Settings → API Keys
- Click "Create a new API Key"
- Step 2: Configure API Key
- Enter a key name (e.g., "Trading Bot")
- Set role/permissions:
- Select "Trader" permission (allows trading operations)
- Configure specific permissions based on your needs
- Configure IP Allow List:
- Restricted to Trusted IPs Only (Recommended): Add your server's IP addresses
- Unrestricted: Less secure, not recommended
- Step 3: Complete Security Verification
- Complete the security verification process
- Enter 2FA code if required
- Step 4: Save Credentials
- Copy your API Key immediately
- Copy your Secret Key immediately
- Store them securely
Coinbase Exchange
Website: exchange.coinbase.com | Passphrase Required: Yes
⚠️ CRITICAL REQUIREMENTS:
- Passphrase is required and shown only once
- IP Whitelist is MANDATORY - you must provide at least one IP address
- API keys can only be used for a single portfolio
- All three credentials are required: Passphrase, Secret key, and Public key
Prerequisites
- Active Coinbase Exchange account
- 2FA enabled (required)
Step-by-Step Instructions
- Step 1: Access API Settings
- Log in to Coinbase Exchange
- In the Exchange dashboard, select "API" in the bottom of the left sidebar
- Click "+ New API Key" in the top-right corner
- Step 2: Configure API Key
Fill in the following fields:
- Portfolio:
- Select the portfolio for this API key
- ⚠️ Note: API keys can only be used for a single portfolio
- Multiple portfolios are not supported for API keys
- Permissions:
- Enable: "View" permission (for reading account data)
- Enable: "Trade" permission (for placing orders)
- Disable: "Withdraw" permission (Never enable)
- Passphrase:
- Create a passphrase
- ⚠️ CRITICAL: Save your passphrase immediately
- It will only be shown once
- IP Address Whitelist:
- ⚠️ REQUIRED: This is a mandatory field
- Enter your server's IP address(es)
- Separate multiple addresses with commas
- This adds an extra layer of security
- Portfolio:
- Step 3: Create API Key
- Review all settings carefully
- Click "Create API Key" at the bottom
- Complete 2-step verification (2FA)
- Step 4: Save Credentials
- Copy your API Secret immediately (shown on next screen)
- Copy your Passphrase immediately
- Note your Public Key (displayed on API Settings page)
- Store all credentials securely
Common Issues and Troubleshooting
Frequently Asked Questions
Key Takeaways
- Always enable 2FA before creating API keys
- Never enable withdrawal permissions for trading bots
- Use IP whitelisting whenever possible
- Save credentials immediately - some are shown only once
- Store credentials securely - use password managers
- Regularly review API key usage and permissions
Ready to Start Automated Trading?
Now that you have your API keys set up, explore AmpFi's institutional-grade AI trading platform. Access transparent AI predictions, non-custodial security, and systematic trading strategies across 12+ exchanges.