Exchange API Key Setup

BlaveClaw needs API keys to place orders. Here's how to create them safely.

The golden rule: never enable withdrawals

When creating an API key for trading, never enable withdrawal permissions. A trading bot only needs read access and trade execution. If an API key with withdrawal permissions is ever compromised, funds can be moved out of the exchange instantly. With trading-only permissions, the worst case is unauthorized trades — bad, but recoverable.

What permissions to enable

Permission	Enable?	Why
Read / Account info	✓ Yes	Check balances and positions
Spot Trading	✓ If using spot	Place spot orders
Futures / Contract Trading	✓ If using futures	Place futures orders
Withdrawals	✗ Never	Not needed

Tell the agent your keys

BlaveClaw supports: Binance, Bybit, BitMart, BingX, Bitget, Bitfinex, KuCoin.

Once you have the key and secret from the exchange, just send them to the agent in Telegram. The agent will store them and verify the connection:

"我要設定 Binance API Key
API Key: xxxx
Secret: xxxx"

The agent will confirm the connection is working before proceeding.

IP whitelist (recommended)

Most exchanges let you restrict an API key to specific IP addresses. Add your BlaveClaw server's IP — this way even if the key is leaked, it can't be used from anywhere else.

Ask the agent for the server IP first:

"我的 server IP 是什麼"

← Back to Learn