Exchange API Credentials
Connect KhunQuant to your exchange accounts so it can read your portfolio, track prices, and execute trades on your behalf.
An API key is like a limited-access password for your exchange account. A correctly configured key lets KhunQuant see your portfolio and trade for you — but it cannot withdraw your funds. Follow these rules for every exchange:
- Never enable withdrawal permissions on any API key you give to KhunQuant.
- Save your Secret Key immediately after creation — it is shown only once. If you lose it, delete the key and create a new one.
- Never share your API key or secret with anyone, including in screenshots or chat messages.
- Enable IP whitelisting if available — it locks the key to your device's IP address.
Supported Exchanges
| Exchange | Type | Guide |
|---|---|---|
| Binance (global) | International crypto | Binance API Setup |
| BinanceTH | Thai crypto (Binance Thailand) | BinanceTH API Setup |
| OKX | International crypto | OKX API Setup |
| Bitkub | Thai crypto | Bitkub API Setup |
| Settrade | Thai SET stock market | Settrade API Setup |
How KhunQuant Stores Your Credentials
Your API keys are never stored in config.json. They are stored in a separate file called .security.yml inside ~/.khunquant/. This file is not tracked by version control and is not shared with anyone.
File layout:
~/.khunquant/
├── config.json ← settings (no secrets here)
└── .security.yml ← your API keys live here
Basic .security.yml structure for exchanges:
exchanges:
binance:
accounts:
- api_key: "paste_your_api_key_here"
secret: "paste_your_secret_key_here"
okx:
accounts:
- api_key: "paste_your_api_key_here"
secret: "paste_your_secret_key_here"
passphrase: "paste_your_api_passphrase_here" # OKX only
bitkub:
accounts:
- api_key: "paste_your_api_key_here"
secret: "paste_your_secret_key_here"
binanceth:
accounts:
- api_key: "paste_your_api_key_here"
secret: "paste_your_secret_key_here"
settrade:
accounts:
- api_key: "your_app_login_id"
secret: "base64_encoded_private_key"
pin: "your_trading_pin"
For production security, wrap each value with enc:// encryption using the Credential Encryption feature, or use env://VARIABLE_NAME to load from environment variables. See Security YAML Reference for the full reference.
Multiple Accounts
You can connect more than one account per exchange (for example, a main account and a sub-account). Just add more entries under accounts:
exchanges:
binance:
accounts:
- name: "main"
api_key: "key_for_main_account"
secret: "secret_for_main_account"
- name: "trading-bot"
api_key: "key_for_bot_account"
secret: "secret_for_bot_account"
When asking KhunQuant to use a specific account, say: "check my binance trading-bot account".
Enabling an Exchange in config.json
After adding credentials to .security.yml, enable the exchange in config.json:
{
"exchanges": {
"binance": {
"enabled": true
},
"okx": {
"enabled": true
}
}
}
For Settrade specifically, you also need to add non-sensitive fields to config.json:
{
"exchanges": {
"settrade": {
"enabled": true,
"accounts": [
{
"broker_id": "FSSVP",
"app_code": "ALGO",
"account_no": "1234567"
}
]
}
}
}
Quick Permissions Reference
| Exchange | Enable | Disable (critical) |
|---|---|---|
| Binance | Read + Spot Trading | Withdrawals ← never enable |
| BinanceTH | Read + Spot Trading | Withdrawals ← never enable |
| OKX | Read + Trade | Withdraw ← never enable |
| Bitkub | Read + Trade | Withdraw ← never enable |
| Settrade | (no granular toggles) | N/A — withdrawal not available via API |
Step-by-Step Guides
Follow the guide for each exchange you want to connect:
- Binance API Setup — international Binance (binance.com)
- BinanceTH API Setup — Thai Binance (binance.th)
- OKX API Setup — OKX with passphrase
- Bitkub API Setup — Bitkub (Thai baht crypto exchange)
- Settrade API Setup — SET stock market (most complex — read carefully)