How to Connect BingX API to a Crypto Trading Bot
Connect BingX API to a trading bot by creating a sub-account API key with Read + Trade permissions only (never Withdraw), binding your bot platform's IP whitelist, and pasting the key and secret into the bot's exchange integration panel. Test with a minimum-size order before scaling capital.
TL;DR
- API permissions → enable Read + Spot/Futures Trade; disable Withdraw always
- IP whitelist → add your bot provider's static IPs before generating the key
- Key type → use sub-account keys when available to isolate bot capital
- Secret storage → copy secret once at creation; store in password manager only
- First test → place minimum lot order, verify fill, then cancel open orders
- Common failure → wrong passphrase, expired key, or IP mismatch → regenerate
Glossary
- API key
- A public identifier paired with a secret that authenticates your bot's requests to the BingX exchange API.
- IP whitelist
- A security setting that restricts API usage to requests originating from pre-approved server IP addresses.
- Trade permission
- API scope allowing the bot to place, modify, and cancel orders without access to fund withdrawals.
- Sub-account
- An isolated account segment under your main BingX profile, useful for separating bot funds from manual trading.
- Passphrase
- An additional secret some exchanges require on each API call; BingX may use a separate API password depending on key version.
| Permission | Required? | Why |
|---|---|---|
| Read / Query | Yes | Bot needs balances, positions, and order status |
| Spot trade | Yes (spot bots) | Place and cancel spot limit/market orders |
| Futures trade | Yes (futures bots) | Open and manage perpetual or standard futures |
| Transfer | No | Bots should not move funds between sub-accounts autonomously |
| Withdraw | Never | Eliminates catastrophic risk if key is compromised |
Create a BingX API Key with Safe Permissions
Log in to BingX, navigate to Account → API Management, and click Create API. Label it clearly — e.g., 'Veles-grid-BTC-2026' — so you can revoke it later without guessing. Select Read permission unconditionally. For spot grid or DCA bots, enable Spot Trading. For perpetual strategies, enable Futures Trading. Leave Withdrawal unchecked; there is zero legitimate reason for a third-party bot to withdraw funds.
If BingX offers sub-account APIs on your tier, create the key under a dedicated sub-account funded only with your bot allocation. Compromise of that key exposes sub-account balance, not your entire exchange equity. Set an API password (passphrase) if prompted — bots will need this alongside key and secret. Use a 16+ character random passphrase stored in a password manager, not a reused login password.
Configure IP Whitelist Before Saving the Key
Most reputable bot platforms publish static outbound IP addresses for API calls. Copy those IPs from your bot provider's documentation and paste them into BingX's IP whitelist field before finalizing the key. Skipping this step works in sandbox testing but leaves the key usable from any IP if leaked — a common attack vector when secrets end up in screenshots or support tickets.
If your provider supports IP binding updates, whitelist all listed nodes. For home-grown bots running on a VPS, whitelist your server's elastic IP only. Never create an unwhitelisted key 'just to test' and forget to restrict it — delete and regenerate instead. BingX may take 1–5 minutes for whitelist changes to propagate; wait before running connectivity tests.
Link the API Key to Your Trading Bot Platform
In your bot platform — for example Veles Finance — open Integrations → BingX → Add connection. Paste the API key, secret, and passphrase if required. Select the correct market type (spot vs USDT-M perpetual) matching your strategy. Mismatch here causes 'insufficient margin' or 'symbol not found' errors that look like strategy bugs but are configuration issues.
Run the built-in connection test. A successful test confirms read access and usually fetches your USDT balance. If the test fails, check: (1) typo in secret — it is shown only once at creation, (2) IP not whitelisted, (3) futures permission missing for perp bots, (4) API key expired or manually disabled in BingX. Veles and similar platforms encrypt keys at rest and never request withdrawal scope — verify this in the provider's security docs before pasting credentials.
Validate with a Minimum Live Order
After linking, do not deploy a full grid immediately. Start with the smallest allowed order on your target pair — e.g., minimum BTC/USDT lot — via the bot's manual or test mode. Confirm the order appears in BingX's open-order tab, fills correctly, and that the bot records the trade. Cancel any stray test orders, then deploy the automated strategy at 10–20% of intended capital for 48 hours.
Monitor the first day actively: latency, partial fills, and fee tier alignment. BingX VIP level affects maker/taker rates — grids are fee-sensitive. If fills are consistently taker despite limit orders, your price offset may be too aggressive. After 48 clean hours, scale to full allocation. Set a Telegram or email alert for API errors, repeated order rejections, and disconnect events.
Troubleshooting Common BingX API Errors
Error 100413 or IP restriction: your bot server's IP changed or was never whitelisted. Update the whitelist or regenerate the key. Error 100004 signature invalid: wrong secret, passphrase, or clock skew on self-hosted bots — sync NTP on your VPS. Error insufficient balance: funds are in the wrong wallet (spot vs futures) or sub-account; transfer manually, do not enable Transfer API permission for the bot.
Rate limit errors (429): reduce order amendment frequency or widen grid spacing. BingX throttles aggressive cancel-replace loops. If the bot platform shows 'connected' but orders do not appear, verify you selected the correct API environment (BingX has no separate testnet for all pairs — use minimum size live tests). Rotate API keys every 90–180 days and immediately revoke any key that may have been exposed in logs or chat.
FAQ
Should I enable withdrawal permission on my BingX API key?
Never. Trading bots need Read and Trade scopes only. Withdrawal access means a leaked key can drain your account — no reputable bot platform requires it.
Why does my bot show 'IP not authorized' on BingX?
The request came from an IP not on your whitelist. Add your bot provider's static IPs in BingX API settings or whitelist your VPS IP, then wait a few minutes and retry.
Do I need separate API keys for spot and futures bots?
One key can include both spot and futures trade permissions if you run both strategy types. Many traders still use separate sub-accounts and keys for cleaner accounting and risk isolation.
I lost my API secret. Can I recover it?
No — BingX shows the secret only once at creation. Delete the old key, generate a new one, update your bot platform, and revoke the old key immediately.
How long does BingX API connection take to set up?
Creating the key and whitelisting IPs takes 5–10 minutes. Propagation and first successful bot test usually complete within 15–20 minutes if permissions are correct.
Can I connect BingX API to multiple bots?
Yes — the same key can power multiple bots if your platform allows it, but separate sub-accounts per strategy simplify tracking. Watch aggregate rate limits if running many bots on one key.
This tutorial is for informational purposes only and is not financial or security advice. API keys carry risk if misconfigured — never enable withdrawal permissions. Crypto trading and automated bots can result in total loss of capital. Verify your bot provider's security practices before entering credentials.