API keys can be created by visiting the API settings page and clicking “Create a new API Key”. You will then be prompted with your new keys, as well as a menu to assign the role for the key.
What scope and role should I use when creating API keys?
When you create an API key, you are giving an application access to your account. Upon key creation, you must set the permissions granted to that key. Each application should have their own key so permissions can be granted separately for each application.
Please be aware that any entity with access to an API key and corresponding secrets can perform any activity permitted by its role. Treat and protect your API secret as you would a password and only share it with trusted entities.
Scope
Setting the scope determines which account you’re granting access to. “Master” is the equivalent of all your accounts. For most users, they only have one account, so this option works well. For users with multiple accounts, you may also grant access to just one account by selecting that account name from the list. Most users have a “Primary” account by default as their only account. For users with two or more accounts, those accounts will have unique, user-generated names; users can select any account from the drop down upon API Key creation.
The Master scope gives the application granted access via the key the ability to create new accounts, transfer funds or view balances, trade or transfer funds on behalf of any of your accounts.
Selecting any other account name will give the key the ability to view account balances, trade, or transfer funds for that specific account. For users with only one account, this account will be titled “Primary” in most cases.
Role
Setting the role determines what permissions the key has for the account or accounts selected.
Auditor:
Allows this read-only API key to:
- Check balances
- Check the status of orders
- See transfers such as deposits and withdrawals
- See all active orders
- See trade volume
- See past trades
Fund management:
Allows this API key to:
- Check balances
- Create new BTC or ETH deposit addresses
- Withdraw BTC or ETH to approved addresses
Trading:
Allows this API key to:
- Check balances
- Place and cancel orders
- Check the status of orders
- See all active orders
You can see more about roles here.
Note for UK customers:
To ensure compliance with the UK Travel Rule, outbound crypto transfers cannot be initiated via API. Inbound crypto transfers will also require the user to complete the appropriate attestation via mobile or web UI.
All other API functionalities are available.