Binance API Setup (binance.com)

Connect KhunQuant to your Binance international account to track crypto prices, view your portfolio, and execute trades.

← Back to Exchange Overview

Before You Start

Make sure you have:

A Binance account at binance.com
Identity verification (KYC) completed
Two-Factor Authentication (2FA) enabled — use an authenticator app (Google Authenticator, Authy), not SMS

Critical Safety Warning

When creating your API key, you will see a permission called "Enable Withdrawals". Do NOT enable this. If someone obtains your API key, this permission would allow them to send your funds to any address. KhunQuant does not need withdrawal permission to function — it only needs Read and Trade access.

Step 1 — Open API Management

Log in to binance.com
Click your profile icon in the top-right corner
Select [Account] from the dropdown menu
Click [API Management] in the left sidebar
Click the [Create API] button

Mobile app alternative: Tap [More] → [Other] → [API Management] → [Create API]

Step 2 — Choose Key Type

Binance offers three key types. Choose based on your comfort level:

Option	Who It's For	Complexity
System-generated (HMAC)	Beginners, easiest setup	Simple
Self-generated (Ed25519)	Advanced users, most secure	Complex
Self-generated (RSA)	Advanced users	Complex

Recommended for most users: System-generated (HMAC)

Select System-generated and click Next.

Step 3 — Name Your API Key

Enter a clear label so you can identify this key later. Examples:

KhunQuant
Portfolio-Monitor
My-Trading-Bot

Use only letters, numbers, and hyphens. Click Next.

Step 4 — Verify Your Identity

Binance will ask you to verify. Complete:

Enter your 2FA code from your authenticator app
Click the confirmation link sent to your email

Wait for the page to reload with your new key.

Step 5 — Set Permissions

Read this carefully before clicking anything

You will see a list of permission checkboxes. Configure them exactly as follows:

Permission	Setting	Reason
✅ Enable Reading	ON	KhunQuant needs this to see your balances and orders
✅ Enable Spot & Margin Trading	ON	Required to place and cancel orders
❌ Enable Futures Trading	OFF	Only if you specifically use futures
❌ Enable Options Trading	OFF	Not needed
❌ Enable Withdrawals	OFF — NEVER ENABLE	Critical security risk
❌ Enable Internal Transfer	OFF	Not needed
❌ Enable Margin Loan	OFF	Not needed

Click Save after configuring permissions.

Step 6 — Set Up IP Whitelist (Recommended)

An IP whitelist locks your API key so it can only be used from your computer or server. Even if someone steals your key, they cannot use it from another location.

To find your IPv4 address: Go to https://whatismyipaddress.com/ and look for the IPv4 value (format: 123.456.789.0).

To add it:

Find the "Restrict access to trusted IPs only (Recommended)" section
Click [Add IP]
Paste your IPv4 address
Click Confirm

Dynamic IP — Local Computer Users

If KhunQuant runs on your home computer or laptop, your public IP address can change without warning — this happens when your router restarts or your ISP assigns you a new address. When that happens, Binance will reject your API key with an "IP not allowed" error. You will need to update the whitelist with your new IP.

If KhunQuant runs on a cloud server or VPS, use the server's static public IP instead — it won't change. Make sure your cloud instance or VPS is secured with a firewall so only you can access it.

Stable IP via Outbound Proxy

Running on a home machine but still want a permanent IP whitelist? Configure an Outbound Proxy — route Binance API traffic through a cheap VPS, then whitelist only the VPS IP on Binance. Go to http://localhost:18800/portfolios/binance, open your account card, and enter the proxy URL at the bottom. Binance supports http:// and https:// proxy schemes. See Outbound Proxy for IP Allowlisting for the full guide.

Read-only? Safe to Skip IP Whitelisting

If you configured the API key with Read permission only (no Trade), it is safe to leave IP whitelisting off. A read-only key can only view your balance and market data — it cannot place or cancel orders. Your account remains secure enough without the IP lock, and you won't have to worry about updating it when your IP changes.

30-Day Deletion Rule

Without an IP whitelist, Binance will automatically delete your API key after 30 days of inactivity. If you add a whitelist, the key never expires.

Step 7 — Save Your Keys

After clicking Save, Binance displays your keys one time only:

API Key — a long string starting with letters/numbers (can be viewed later)
Secret Key — another long string (⚠️ SHOWN ONLY ONCE — copy it now)

Action required:

Click the copy icon next to the Secret Key
Paste it into a password manager (1Password, Bitwarden, Apple Keychain, etc.)
Also copy and save the API Key

If you close this page without saving the Secret Key, you cannot get it back. You would need to delete this key and create a new one.

Step 8 — Add to KhunQuant

Recommended: Use the Web UI

Open KhunQuant's portfolio settings in your browser:

http://localhost:18800/portfolios/binance

Paste your API Key and Secret Key into the form and click Save. KhunQuant automatically encrypts the values with enc:// prefix — you never need to touch any config files.

Why Not Edit the File Directly?

If your .security.yml already uses encrypted fields (enc:// prefix), pasting a plain API key directly into the file will cause an authentication error at startup. The web UI handles encryption automatically and avoids this problem.

Alternative: Manual file edit (advanced users only)

If you prefer to edit files directly and are not using credential encryption:

Open ~/.khunquant/.security.yml:

exchanges:
  binance:
    accounts:
      - api_key: "paste_your_api_key_here"
        secret: "paste_your_secret_key_here"

Then open ~/.khunquant/config.json and enable Binance:

{
  "exchanges": {
    "binance": {
      "enabled": true
    }
  }
}

Restart KhunQuant. You can now ask it:

"What's my Binance balance?"
"Show me my open BTC orders"
"Buy 50 USDT worth of ETH on Binance"

Testnet (Optional)

If you want to test with fake money before using real funds, Binance offers a Testnet. Set "testnet": true in config.json:

{
  "exchanges": {
    "binance": {
      "enabled": true,
      "testnet": true
    }
  }
}

Create a separate API key at testnet.binance.vision for testnet use.

Troubleshooting

Problem	Solution
"Invalid API key" error	Check for spaces at the start/end of the key in your YAML file
"IP not allowed" error	Your IP may have changed. Update the whitelist on Binance or remove it temporarily
"Insufficient permissions"	Make sure "Enable Reading" is turned on
Key deleted after 30 days	Key had no IP whitelist. Create a new key and add an IP whitelist

Exchange Overview — full setup hub and .security.yml reference
BinanceTH API Setup — for Binance Thailand (different exchange)
Credential Encryption — encrypt your keys so they're not stored in plaintext

Before You Start​

Step 1 — Open API Management​

Step 2 — Choose Key Type​

Step 3 — Name Your API Key​

Step 4 — Verify Your Identity​

Step 5 — Set Permissions​

Step 6 — Set Up IP Whitelist (Recommended)​

Step 7 — Save Your Keys​

Step 8 — Add to KhunQuant​

Testnet (Optional)​

Troubleshooting​

Related​