How to create a futures API key on Gate.io?

Create a futures API key on Gate.io by enabling futures trading permissions, setting IP whitelisting for security, and completing 2FA—then test it with a simple balance fetch request.

Jul 23, 2025 at 03:49 am

Understanding Futures API Keys on Gate.io

A futures API key on Gate.io allows traders to automate trading strategies, manage positions, and retrieve real-time market data directly from the platform. Unlike spot trading keys, futures API keys must be explicitly enabled for futures trading permissions. This ensures that your automated systems interact only with the intended market segment. To begin, ensure you have a verified Gate.io account with two-factor authentication (2FA) activated—this is mandatory for API key creation.

Navigating to the API Management Section

Log in to your Gate.io account and locate the user dashboard. In the top-right corner, click on your profile icon. From the dropdown menu, select "API Management". This section is where all API keys—both active and inactive—are listed. If this is your first time creating an API key, the list will be empty. Click the blue "Create API" button to start the process. A pop-up window will appear prompting you to configure permissions and set restrictions.

Configuring Permissions for Futures Trading

In the API creation window, you must specify the scope of the key. Under the "Permissions" section, enable the following checkboxes:

• "Futures Trading" – This grants the key access to place and cancel futures orders.
• "Read-only for Futures Account" – Allows the key to fetch balance, position, and order history data.
• (Optional) "Transfer" – Only enable if your bot needs to move funds between spot and futures accounts.
  

  Do not enable "Spot Trading" unless your strategy involves both markets. Keep the key as minimal as possible to reduce exposure in case of compromise.

  Setting IP Whitelisting for Security

  
  Under the "IP Whitelist" field, enter the static IP address from which your application will send requests. Gate.io will reject API calls from any IP not listed here. If you're testing locally or using a dynamic IP, consider using a VPS with a fixed IP. You can add multiple IPs by separating them with commas. For example:

• "192.168.1.100, 203.0.113.50"

  If you leave this field blank, the API key will work from any IP—but this is highly discouraged for production use. After entering your IPs, double-check for typos to avoid connection issues.

  Completing the Two-Factor Authentication Step

  
  Before finalizing the key, Gate.io requires a 2FA code. Enter the code generated by your authenticator app (like Google Authenticator or Authy) in the provided field. You’ll also need to enter your "Fund Password"—this is different from your login password and must be set in advance under Security Settings if not already done. Once both are verified, click "Confirm". The system will display your new API Key and Secret Key. These will only appear once—copy them immediately into a secure password manager or encrypted file.
  

  Testing the API Key with a Simple Request

  
  To verify the key works, use a tool like curl or Postman to send a test request. For example, to fetch your futures account balance:

  curl -H "KEY: YOUR_API_KEY" \
     -H "SIGN: YOUR_SIGNATURE" \
     https://api.gate.io/api/v4/futures/usdt/accounts

  Replace YOUR_API_KEY with the key you just created. The signature (SIGN) must be generated using your Secret Key and the request parameters per Gate.io’s API documentation. If the response returns your balance in JSON format, the key is functional. If you get a 403 error, check your IP whitelist and permissions again.
  

  Storing and Managing Your API Key Safely

  
  Never hardcode your API key and secret in scripts or GitHub repositories. Instead, use environment variables:

• export GATEIO_API_KEY="your_actual_key"
• export GATEIO_API_SECRET="your_actual_secret"

  In your code, reference them as os.getenv("GATEIO_API_KEY") (Python) or process.env.GATEIO_API_KEY (Node.js). Rotate your keys every 90 days or immediately if you suspect misuse. You can disable or delete keys anytime from the same API Management page.

  ---

  Frequently Asked Questions

  Q: Can I use the same API key for both spot and futures trading?
  
  Yes, but only if you explicitly enable both "Spot Trading" and "Futures Trading" permissions during creation. For better security, it’s recommended to create separate keys for each market.

  Q: What should I do if I lose my Secret Key?
  
  You cannot recover it. You must delete the compromised key and create a new one. Any application using the old key will stop working until updated with the new credentials.

  Q: Why am I getting a "Permission Denied" error even after enabling futures trading?
  
  Check that the request is being sent to the futures endpoint (e.g., /api/v4/futures/usdt/...) and not the spot endpoint. Also verify that your IP whitelist matches the exact IP making the call.

  Q: Is it possible to restrict the API key to only read futures positions without allowing order placement?
  
  Yes. During setup, enable only the "Read-only for Futures Account" permission and leave "Futures Trading" unchecked. This limits the key to fetching data only.