To connect third-party platforms and applications to Binance.US, you may be required to create and share your Binance.US API keys. Before you create an API Key, it’s essential to follow some best practices to securely manage your keys and prevent unauthorized access to your account.
What Are API Keys?
What Are API Keys?
API keys are 64-character randomized strings that effectively acts as a stand-in for your Binance.US email and password. API keys allow third-party platforms or entities to access your account and even perform actions - such as trades and withdrawals - on your behalf.
API keys can provide valuable advantages. For example, enabling Read access to a tax reporting platform can allow that platform to automatically access your transaction history and even calculate your cost basis. Similarly, enabling Spot Trading access to an automated trading platform will allow that platform to conduct trades on your behalf.
However, by sharing your API key, you are effectively providing these third-parties with critical access to your account. As such, you must treat API keys like passwords — keep them private and secure.
Important: Only share your API keys with trusted third-party platforms and provide the minimum level of access required for the platform to perform its task; i.e. for tax reporting platforms, only grant Read access instead of Spot Trading or Withdrawal access.
Best Practices & Security Tips
Best Practices & Security Tips
Managing API keys. Regularly review your API keys and delete keys that are no longer in use. Every 90 days, we recommend that you consider deleting all existing keys and creating new ones, to ensure you are regularly evaluating the third-party platforms you connect to. Binance.US will also reset API key permissions to read-only for inactive keys that are 1) unused for 90 days and 2) not secured by IP whitelisting.
Set whitelist permissions. If you have trusted third-party platforms you want to connect your Binance.US account to, visit their website and check whether they have any "whitelist" solutions you can enable to allow only trusted IP addresses to transact via your account. On Binance.US, you can also save and whitelist approved crypto addresses for withdrawals, using our built-in whitelisting feature.
Update your software. Check to make sure your computer or mobile device has the latest software updates installed. We also recommend that you regularly review any extensions you’ve installed on your web browser.
Enable two-factor authentication (2FA). To add an extra layer of security to your online accounts, always enable two-factor authentication if it is available. While we recommend using an Authenticator app, we also give you the option of using SMS authentication. If you haven’t done so already, click here to learn how to add two-factor authentication to your Binance.US account.
Have additional questions? Visit our Support Center to learn how to use Binance.US and get answers to your questions. If you need additional assistance, you can always reach out to our Customer Support via live chat or email.