How can I generate my API key on Crypto.com?

Accessing the API Management Section

1. Log in to your Crypto.com account using your registered email and password. Navigate to the top-right corner of the dashboard where your profile icon is located, then click on “API Management” from the dropdown menu. This section allows users to create, manage, and revoke API keys for trading, withdrawals, and other functionalities.

2. Before generating a new key, ensure that two-factor authentication (2FA) is enabled on your account. Crypto.com requires 2FA as a security measure before allowing API key creation. Use either Google Authenticator or SMS verification to activate this feature if not already set up.

3. Once inside the API Management panel, you’ll see an option labeled “Create New API Key.” Clicking this will prompt a form requesting details such as a custom name for the key and selection of permission scopes. Assign a descriptive name to help identify its purpose later, especially if managing multiple integrations.

Selecting Appropriate Permissions

1. When creating the API key, you must define what actions it can perform. Available permissions include reading account data, placing trades, managing orders, and initiating withdrawals. Only grant the minimum required access needed for your application or bot to function securely.

2. For example, if you are connecting to a third-party portfolio tracker, select only “Read” permissions. If integrating with an automated trading bot, enable “Trade” permissions but avoid enabling withdrawal rights unless absolutely necessary. Misuse of overly permissive keys can lead to significant financial loss.

3. After selecting the desired permissions, confirm your choices and proceed. The system will ask you to re-authenticate using your 2FA method to verify the request. This step ensures that even if someone gains partial access to your session, they cannot generate keys without secondary verification.

Securing and Storing Your API Key

1. Upon successful validation, Crypto.com will generate both an API Key and a Secret Key. These will be displayed only once during creation—make sure to copy and store them immediately in a secure location such as a password manager or encrypted file. Losing the secret key means you’ll need to revoke and regenerate the entire pair.

2. Never share your API or Secret Key with anyone, including support staff or third-party services asking for full access. Scammers often pose as official representatives to extract these credentials. Legitimate platforms will never ask for your secret key directly.

3. Consider setting IP address restrictions when available. By whitelisting specific IPs, you limit where the API key can be used from, reducing the risk of unauthorized access even if the credentials are compromised. This feature adds a critical layer of protection for high-value accounts.

4. Regularly review active API keys under the management section. Disable or delete any keys associated with discontinued tools or suspicious activity. Monitoring usage logs helps detect anomalies early, such as unexpected trade executions or balance inquiries from unfamiliar locations.

Frequently Asked Questions

Can I regenerate my Secret Key if I lose it?No, Crypto.com does not allow regeneration of the original Secret Key. If lost, you must revoke the existing key and create a new one with fresh credentials. Update all connected applications accordingly to maintain functionality.

How many API keys can I create on Crypto.com?Crypto.com permits users to create multiple API keys, each with customized names and permission sets. However, excessive keys increase security risks. It’s best practice to maintain only those actively in use and remove outdated ones promptly.

Is it safe to use API keys with third-party trading bots?Using API keys with external bots carries inherent risks. Ensure the service is reputable, uses encrypted connections, and does not require withdrawal permissions unless essential. Always monitor your account activity after integration.

What should I do if I suspect my API key has been compromised?Immediately go to the API Management section and revoke the suspected key. Change your account password and update 2FA settings. Contact Crypto.com support to report the incident and request additional security checks on your account.