How to get my sub-account API key from KuCoin?

Accessing Sub-Account API Management

1. Log in to your main KuCoin account through the official website. Navigate to the top-right corner and click on your profile icon to reveal a dropdown menu. Select 'Sub-Account Management' from the options to view all linked sub-accounts under your primary account.

2. Locate the specific sub-account for which you need the API key. Each sub-account is listed with its unique identifier and status. Click on the 'Manage' button adjacent to the desired sub-account to enter its individual control panel.

3. Within the sub-account dashboard, find the 'API Management' section. This area is dedicated to handling API-related settings including creation, modification, and deletion of API keys. Ensure the sub-account has the necessary permissions enabled for API access.

Generating a New API Key

1. In the API Management interface, select the option labeled 'Create API Key'. A pop-up window will appear requesting additional verification. Complete two-factor authentication (2FA) using your registered authenticator app or SMS confirmation.

2. After successful verification, define the permissions for the new API key. Choose between read-only access or include trading and withdrawal privileges based on operational requirements. Assigning overly broad permissions may expose assets to unnecessary risk.

3. Specify IP restrictions to enhance security. Input the static IP addresses that are allowed to use this API key. If no restrictions are applied, the key can be accessed from any location, increasing vulnerability to unauthorized usage.

4. Confirm all settings and click 'Submit'. The system will generate both an API Key and a Secret Key. These credentials will only be displayed once immediately after creation. It is critical to store both values securely, as losing them requires generating a new pair.

Verifying API Key Functionality

1. Use a tool like Postman or cURL to send a test request to the KuCoin API endpoint. Construct the call using the newly created API Key, Secret Key, and any required passphrase. A properly configured key should return a valid response without authentication errors.

2. Monitor the sub-account activity log within the KuCoin interface. Successful API calls will appear in the history with timestamps and executed actions. Unexpected failures may indicate incorrect signature formatting or expired nonce values.

3. Test limited operations such as retrieving balance information before executing trades or withdrawals. This ensures the key functions correctly while minimizing exposure to potential losses due to misconfiguration.

Securing and Managing API Credentials

1. Avoid storing API keys in plaintext files or version-controlled repositories. Utilize encrypted credential managers designed for handling sensitive data in development environments.

2. Regularly rotate API keys by creating new pairs and deactivating old ones. Frequent rotation reduces the impact of compromised credentials even if unnoticed breaches occur.

3. Enable logging features to track every API request made through the sub-account. Analyze logs periodically for unusual patterns such as high-frequency requests or access during atypical hours.

4. Revoke any API key immediately if suspicious behavior is detected. From the API Management panel, locate the key and choose 'Disable' to terminate its functionality across all endpoints instantly.

Frequently Asked Questions

Can I transfer an API key from one sub-account to another?No, API keys are bound to the specific sub-account they were created for. To use API access on a different sub-account, a new key must be generated within that sub-account’s management interface.

What happens if I lose my Secret Key after generation?The Secret Key cannot be retrieved once dismissed from the initial setup screen. You must create a new API key pair and update all applications with the fresh credentials. Safeguarding the Secret Key during creation is essential.

Is it possible to change permissions on an existing API key?Permissions cannot be modified after creation. To alter access levels, disable the current key and generate a new one with the desired permission settings.

How many API keys can a single sub-account have?KuCoin allows up to five active API keys per sub-account. If more integrations are needed, consider consolidating services or rotating inactive keys to free up slots.