How to Create and Manage API Keys: A Simple Guide

Creating an API key is essential for allowing applications to interact with your account. Here's how you can do it, along with some tips on managing the scope and role of your API keys.

Creating an API Key

To create an API key, head over to the API settings page on your platform. Once there, click on the option that says “Create a new API Key.” This will generate a new API key for you. You'll see the key appear on your screen, along with a menu where you can assign specific roles to it.


Setting the Scope and Role of Your API Key

When you create an API key, you're granting access to your account to an application. It's important to carefully set the permissions for each key, as these determine what the application can do with your account. Ideally, you should create separate keys for each application, allowing you to manage permissions for each one individually.

Keep in mind that anyone with access to an API key and its associated secrets can perform any action allowed by the key's role. Therefore, it's crucial to treat your API secret like a password—keep it safe and only share it with trusted individuals or entities.


Scope: Deciding Which Accounts to Grant Access

The scope defines which of your accounts the API key can access. If you have only one account, the "Master" scope, which covers all your accounts, is a good choice. However, if you have multiple accounts, you can select just one account from the list, which will restrict the key's access to that specific account.

For most users with only one account, that account is typically labeled “Primary.” If you have multiple accounts with different names, select the desired account when creating the API key.

  • Master Scope: Grants the application full access to all accounts, allowing actions like creating new accounts, transferring funds, viewing balances, and trading.
  • Specific Account: Limits access to a single account, where the key can view balances, trade, or transfer funds for that account only.


Role: Defining What the API Key Can Do

The role assigned to your API key dictates what actions the application can perform on your account.

  • Auditor: This read-only role allows the key to view balances, check order status, see active and past trades, and track deposits and withdrawals.
  • Fund Management: This role allows the key to check balances, create new BTC or ETH deposit addresses, and withdraw BTC or ETH to approved addresses.
  • Trading: This role enables the key to check balances, place and cancel orders, and see the status of active orders.

You can find more detailed information about roles and permissions on your platform’s help pages.
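The scope and role rules above can be checked mechanically against an inventory of keys. The following is an added example, not code from any platform: it works out the smallest set of roles that covers what each application actually does and flags keys that carry more. The action labels, key names, application names and inventory records are all constructed for illustration.

```python
from itertools import combinations

# Role -> actions, transcribed from the role list above. Action labels are
# names invented for this example, not identifiers from any platform's API.
ROLE_ACTIONS = {
    "Auditor": {"view_balances", "view_order_status", "view_trades", "view_transfers"},
    "Fund Management": {"view_balances", "create_deposit_address", "withdraw"},
    "Trading": {"view_balances", "place_order", "cancel_order", "view_order_status"},
}

def granted_by(roles):
    """Union of the actions granted by a collection of roles."""
    return set().union(*(ROLE_ACTIONS[r] for r in roles))

def minimal_roles(needed):
    """Smallest role set covering `needed` (read-only Auditor wins ties), or None."""
    for size in range(len(ROLE_ACTIONS) + 1):
        for combo in combinations(sorted(ROLE_ACTIONS), size):
            if set(needed) <= granted_by(combo):
                return set(combo)
    return None

def audit_key(key):
    """Compare one key record against what its application actually needs."""
    findings = []
    best = minimal_roles(key["needed_actions"])
    if best is None:
        findings.append("needs an action no role grants")
    elif excess := set(key["roles"]) - best:
        findings.append(f"drop roles {sorted(excess)}; {sorted(best)} is enough")
    if key["scope"] == "Master" and len(key["accounts_used"]) == 1:
        findings.append(f"narrow scope from Master to {key['accounts_used'][0]}")
    if len(key["apps"]) > 1:
        findings.append("shared by several applications; issue one key each")
    return findings

def audit_inventory(inventory):
    """Map key name -> findings for every key that has at least one."""
    return {k["name"]: f for k in inventory if (f := audit_key(k))}

# Constructed inventory; key names, apps and account names are hypothetical.
INVENTORY = [
    {"name": "key-a", "apps": ["tax-report"], "scope": "Master", "accounts_used": ["Primary"],
     "roles": ["Auditor", "Trading"], "needed_actions": ["view_balances", "view_trades"]},
    {"name": "key-b", "apps": ["bot"], "scope": "Primary", "accounts_used": ["Primary"],
     "roles": ["Trading"], "needed_actions": ["place_order", "cancel_order"]},
    {"name": "key-c", "apps": ["bot", "dashboard"], "scope": "Primary", "accounts_used": ["Primary"],
     "roles": ["Trading", "Fund Management"], "needed_actions": ["view_balances"]},
]
```

Calling audit_inventory(INVENTORY) returns findings for key-a and key-c only; key-b already matches what its application needs.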


Important Note for UK Customers

If you're in the UK, be aware that due to the UK Travel Rule, you cannot initiate outbound crypto transfers via API. Inbound transfers are still possible, but you'll need to complete the necessary attestation through the mobile or web interface. Other API functions remain unaffected.

By following these guidelines, you can effectively manage your API keys and ensure that your accounts are secure while still allowing necessary access to your applications.