Guide

How to create a read-only Binance API key

The Binance P2P Bot connects to your account with an API key. The most important thing about that key is what it is allowed to do. Set it up the way this guide shows, and the key can read your balances and edit the price of your own ads. Nothing else. It cannot withdraw, it cannot trade, and it cannot transfer funds. Even if the key leaked, the worst anyone could do is look.

This takes about three minutes.

What a Binance API key actually is

An API key is not your password. It is a pair of codes, an API Key and a Secret Key, plus a set of permission switches you turn on or off. The permissions are what matter. A key with the Withdrawals permission can move money. A key with only the Reading permission can look at data and nothing more. The bot needs the second kind.

Step 1 — Open API Management

Log in to Binance on the web, open the account menu, and go to API Management. Click Create API and choose the System generated key type. Give it a name you will recognise later (for example tickbots-p2p), then pass the security check with your 2FA.

Step 2 — Save the Secret Key immediately

Binance shows you the Secret Key exactly once, at creation. It is never shown again. Copy it into a password manager the moment it appears. If you lose it, you cannot recover it. You simply delete the key and make a new one.

Step 3 — Enable only Reading

This is the step that matters. Open Edit restrictions for the key and make sure only the reading permission is enabled. Leave every one of these switched off:

  • Enable Spot & Margin Trading. The bot never places trades for you.
  • Enable Withdrawals. Never turn this on for a bot key. This is the switch that empties accounts.
  • Enable Internal Transfer and Universal Transfer. Moving funds between accounts is still moving funds.
  • Futures, Margin, Options. Not needed for P2P pricing.

Binance sometimes renames the reading switch ("Enable Reading", "Read Only", "Read Info"). Trust the meaning, not the exact label: you want the one permission that gives read access, and nothing else.

Step 4 — Lock it to your IP (optional but worth it)

A pure read-only key does not need an IP restriction. But if your PC has a fixed IP address, add it under the key's IP-access settings anyway. With an IP whitelist, the key only works from that address, so a leaked key is useless everywhere else. It costs you nothing and closes the door completely.

Step 5 — Put it into the bot

You now have an API Key and a Secret Key that can see everything and touch nothing. Open the TickBots app, choose Binance, and paste both values in. The key is stored locally on your PC, in a file next to the bot. It is never sent to TickBots servers, so it cannot leak from us.

That is the whole setup. A read-only, IP-locked key is about as safe as an exchange credential gets. And it is all the Binance P2P Bot will ever ask you for.

Related bots

← All guides