A Binance API key connects external software — bots, portfolio trackers, tax tools and trade journals — to your account. Creating one is quick; doing it *safely* is what matters. This guide covers the exact steps and the permission settings that keep your funds protected.
Before you begin
You'll need a verified Binance account with two-factor authentication enabled. If you're starting fresh you can create an account on Binance and finish verification first — API creation requires 2FA, and our link carries a signup benefit.
As always, decide the key's purpose before you create it:
- Tracker / journal / tax tool → read-only.
- Trading bot → enable spot or futures trading as needed, nothing more.
- Withdrawals → off, unless it's a system you built and fully control.
Step 1: Open API Management
Log in, go to your account menu, and select API Management. Label your key (e.g. "portfolio-readonly") and click Create API. Choose a System-generated key. Complete the 2FA prompts (authenticator + email/SMS).
Step 2: Set permissions carefully
By default Binance enables Read (Enable Reading). For a tracker or journal, that's all you need — leave everything else off. For a bot:
- Enable Spot & Margin Trading and/or Enable Futures — only the product the bot uses.
- Enable Withdrawals — leave OFF. Nearly no third-party app should have this.
Step 3: Restrict access by IP
Binance strongly encourages IP access restrictions, and for good reason. An unrestricted key with trade permissions is a large risk; a key locked to your server's IP is nearly useless to an attacker. Choose "Restrict access to trusted IPs only" and add your static IP. Note that trade/withdraw permissions on unrestricted keys are limited or expire.
Step 4: Save the secret key now
Binance shows the Secret Key exactly once, at creation. Copy the API key and secret into a password manager immediately. Lose the secret and you must delete and recreate the key.
Step 5: Verify before trusting
Connect the key to your app and confirm it reads balances correctly. For a journal, you're done. For a bot, test with tiny size or on testnet first.
Binance API security checklist
- Read-only for anything that doesn't place orders.
- Withdrawals off — always.
- IP-restrict every key.
- One key per app; delete unused keys; audit periodically.
- Enable 2FA on the account itself, not just the key.
With the key working, put the numbers to work: estimate your Binance fees with the fee calculator, compute leveraged outcomes with the PnL calculator, and compare Binance against other venues on the exchange comparison.