How to create and manage API keys on KuCoin?

Creating API Keys on KuCoin

1. Log in to your KuCoin account through the official website or mobile application. Navigate to the top-right corner and click on your profile icon, then select “API Management” from the dropdown menu.

2. On the API management page, you will see an option labeled “Create API.” Click this button to begin setting up a new API key. You may be prompted to complete two-factor authentication (2FA) for security verification.

3. Fill in the required details such as a name for your API key to help identify its purpose. Choose the permission levels carefully—options include reading, withdrawal, trading, and transfer permissions. Only enable what is necessary for your use case.

4. Enter your email address and complete the 2FA process by entering the code sent to your authenticator app. After confirmation, KuCoin will generate both an API Key and a Secret Key.

5. Safely store both the API Key and Secret Key in an encrypted environment or hardware vault. The Secret Key will not be shown again after this step and losing it means creating a new API pair.

Configuring Security Settings for API Access

1. After generating your API keys, set up IP binding if possible. This restricts API access to specific IP addresses, reducing the risk of unauthorized usage even if credentials are compromised.

2. Assign only the minimum required permissions. For example, if you're using the API for monitoring portfolio value, enable only “Reading” access. Avoid granting withdrawal rights unless absolutely necessary.

3. KuCoin allows users to add memo labels to each API key. Use descriptive memos like “Bot Trading – Server A” or “Portfolio Tracker” to distinguish between multiple integrations easily.

4. Regularly review active API keys under the “API Management” section. Disable or delete any that are no longer in use or associated with outdated applications.

5. Enable Google Authenticator-based confirmation for sensitive operations such as withdrawals initiated via API, adding another layer of protection against automated attacks.

Managing and Revoking API Keys

1. To manage existing API keys, return to the “API Management” dashboard. Here, all created keys are listed with their status, permissions, creation date, and bound IPs.

2. If a key has been exposed or is suspected of being compromised, immediately click the “Disable” button next to it. Disabling stops all API calls from being processed using that key.

3. For permanent removal, select “Delete” after disabling. Confirm the action using your 2FA code. Once deleted, the key cannot be recovered or reactivated.

4. When rotating keys—for instance during routine security audits—create a new API pair first, update your applications with the new credentials, then disable the old one after confirming functionality.

5. Monitor system logs or third-party service records to ensure smooth transitions when replacing API keys, especially in automated trading environments where downtime can affect performance.

Frequently Asked Questions

What should I do if I lose my Secret Key?Unfortunately, KuCoin does not allow retrieval of lost Secret Keys. You must create a new API key pair and configure it in your applications accordingly.

Can I change the permissions of an existing API key?No, permission settings cannot be modified after creation. To adjust access levels, generate a new API key with the desired permissions and deactivate the previous one.

Is it safe to use API keys with third-party bots?It can be safe if proper precautions are taken. Always limit permissions, bind to known IPs, avoid sharing keys, and use unique keys for each bot or platform.

How many API keys can I create on KuCoin?KuCoin allows users to create up to five API key pairs per account. Plan their usage strategically based on different tools or strategies requiring access.