Securely connecting your trading account to a third-party platform is a common requirement for many traders. This guide provides a clear, step-by-step process for generating the necessary credentials, ensuring a safe and authorized link between your exchange account and your chosen analytical or trading terminal.
Step-by-Step Guide to API Key Creation
Navigating the process of generating a new API key is straightforward when you follow these instructions.
Accessing the API Management Section
Begin by logging into your account on the exchange's website. Once logged in, locate your user profile icon, typically found in the upper-right corner of the screen. Clicking on this icon will reveal a drop-down menu. From this menu, select the option labeled API keys. This will direct you to the dedicated management panel for your API credentials.
Creating a New V5 API Key
Within the API management section, click the button to Create V5 API key. A form will appear, prompting you to configure the key's settings. For the safest connection to a trading terminal, it is highly recommended to select the option for Linking third-party apps. From the list of available applications, choose your specific terminal (e.g., Insilicoterminal). Selecting this option automatically applies critical security restrictions, limiting the key's use to the terminal's pre-approved IP addresses.
Configuring Key Details and Permissions
You must now provide a few essential details for your new key.
- Name Your Key: Assign a unique, recognizable name for this API key. This helps you identify its purpose later (e.g., "Trading-Terminal-June2025").
- Set a Passphrase: Create a strong passphrase. This is a critical security step. You must save this passphrase securely, as you will need to provide it along with the key and secret to connect to your terminal.
- Set Permissions: Under the permissions section, you will need to enable the Trade permission. This grants the terminal the necessary authority to execute orders on your behalf. Avoid granting unnecessary permissions like "Withdraw" to minimize risk.
Finally, click Confirm. You will likely be asked to complete a two-factor authentication (2FA) check to verify your identity.
Retrieving Your Credentials
After successful confirmation, a new screen will display your generated API key and Secret key. Copy both of these values immediately and store them in a secure location. They are required for the next step. The secret key is typically only shown once and cannot be retrieved later.
Connecting Your API Key to a Terminal
With your API key, secret key, and passphrase ready, open your trading terminal application. Proceed to the 'Settings' or 'Accounts' section, and navigate to the 'Account' tab. You will find fields to input your credentials.
Choose a display name for the account within the terminal, then paste your API key and Secret key into their respective fields. Crucially, you must also enter the Passphrase you created earlier. Once all details are submitted, the terminal should successfully establish a connection to your exchange account. For a seamless experience with various tools, you can often explore more integration strategies directly.
Manual IP Whitelisting for Advanced Setup
If you are creating a general API key instead of one specifically linked to a third-party application, you must manually configure IP whitelisting for maximum security. This involves adding the IP addresses of your terminal's servers to your API key's restrictions.
The following is a list of IP addresses that would need to be whitelisted for a typical terminal setup. You can copy and paste them into the appropriate field in the API key creation form:
18.167.89.125,18.167.8.216,43.198.26.42,18.166.216.236,18.163.207.89,43.198.196.202,43.198.149.125,43.198.214.66,18.167.53.222,18.166.252.235,16.163.177.207,18.167.243.99,18.167.32.21,18.166.224.0,18.166.106.248,18.162.176.190,16.163.65.4,18.167.188.106,16.163.19.198,18.167.49.196This manual step ensures that your API key will only function when accessed from these trusted servers, providing an additional layer of protection for your funds and data. To ensure you have the most current security information, it is always best to get advanced methods from official documentation.
Frequently Asked Questions
What is an API key and why do I need one?
An API key is a unique identifier used to authenticate a user or application connecting to a service. For trading, it allows a third-party platform, like a charting or automated trading terminal, to interact with your exchange account securely without needing your main login credentials, enabling features like live data feeds and order placement.
Is it safe to enable Trade permissions on an API key?
Yes, when configured correctly, it is a standard and safe practice. The key risk is mitigated by using IP whitelisting (which restricts where the key can be used) and by never granting withdrawal permissions unless absolutely necessary. Always ensure you are generating keys only on the official exchange website.
What should I do if I lose my Secret Key or Passphrase?
The secret key and passphrase are generally not recoverable. If you lose them, the standard security procedure is to immediately delete the compromised API key from your exchange account and generate a new one with a new secret and passphrase. This prevents any potential unauthorized access.
Why is IP whitelisting important for API security?
IP whitelisting is a critical security feature that restricts the locations from which your API key can be accessed. By specifying a list of trusted IP addresses (like those of your terminal's servers), you prevent anyone else from using your key, even if they somehow obtain the key and secret, dramatically reducing the risk of theft.
Can I use one API key for multiple applications?
It is not recommended. Best practice is to create a unique API key for each third-party application or service you use. This allows you to manage permissions individually and revoke access for one service without affecting others, maintaining a principle of least privilege for enhanced security.
What's the difference between a 'Linking third-party apps' key and a general key?
A key created through the "Linking third-party apps" option often has security best practices pre-configured, such as automatic IP restrictions tailored to that specific application. A general key gives you full control over all settings but requires you to manually configure these security restrictions, like IP whitelisting, yourself.