API Key Setup
This guide explains how to create and manage your BigONE API keys.
Creating an API Key
- Log in to your BigONE account
- Navigate to API Settings
- Click Create API Key
- Configure the permission scopes and IP whitelist
- Complete two-factor authentication (2FA) verification
- Save your API Secret immediately
Your API Secret will only be displayed once when the API key is created. Please save it immediately in a secure location. If you lose your API Secret, you will need to delete the API key and create a new one.
After creation, you can edit your API key to update the permission scopes and IP whitelist. However, the API Secret cannot be viewed again after the initial creation.
Permission Scopes
You must select the appropriate permission scopes for your use case. Each scope grants access to specific API endpoints.
| Permission | Description |
|---|---|
| View Account Balance Information | Required for Spot/Fund account queries and trading fee queries |
| View Order Information | Required for order queries and order history |
| Create Orders | Required for placing orders, canceling orders, and Convert trades |
| View Trade Information | Required for trade history queries and Convert trade history |
| View Deposit Address | Required for viewing deposit addresses |
| View Deposit History | Required for viewing deposit records |
| View Withdrawal History | Required for viewing withdrawal records |
| Execute Withdrawals | Required for initiating withdrawals |
| Access Contract | Required for reading Contract data |
| Create Contract | Required for creating Contract orders |
If your API key lacks the required scope for an endpoint, you will receive a 403 Permission denied error with code 10403.
IP Whitelist
For enhanced security, it is recommended to bind IP addresses to your API Key. Each API Key can be bound to a maximum of 20 IP addresses or IP segments.
Configuration
- Enter a single IP address or IP segment directly
- Separate multiple IP addresses with commas, e.g., 192.168.1.1,192.168.1.2
- Supports CIDR notation for IP ranges, e.g., 192.168.1.0/24
Best Practices
- Always use an IP whitelist in production — This blocks use of the key from other addresses even if your API credentials are compromised
- Use static IPs — If your server's IP changes frequently, consider using a proxy with a static IP
- Limit to necessary IPs only — Only whitelist IPs that actually need API access
To avoid asset loss, do not disclose your API Key. Treat your API credentials like passwords.
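A local pre-check for a whitelist string in the comma-separated format described above, written as an added example (not BigONE code). The function name `audit_whitelist`, the `max_hosts` policy threshold and the list of egress addresses are assumptions made for the illustration; only the 20-entry limit comes from this page.

```python
import ipaddress

MAX_ENTRIES = 20  # limit stated on this page: 20 IPs or segments per API key

def audit_whitelist(raw, egress_ips, max_hosts=256):
    """Audit a comma-separated whitelist string before entering it in API Settings.

    egress_ips: addresses your servers send API requests from (assumed known).
    max_hosts:  assumed local policy threshold for flagging overly wide ranges.
    """
    networks, problems = [], []
    for item in (part.strip() for part in raw.split(",")):
        if not item:
            problems.append("empty entry (stray comma)")
            continue
        try:
            # strict=True rejects CIDR input with host bits set, e.g. 192.168.1.5/24
            net = ipaddress.ip_network(item, strict=True)
        except ValueError as exc:
            problems.append(f"{item}: {exc}")
            continue
        if net in networks:
            problems.append(f"{item}: duplicate entry")
            continue
        if net.num_addresses > max_hosts:
            problems.append(f"{item}: covers {net.num_addresses} addresses, wider than policy")
        networks.append(net)
    # An entry contained in another entry wastes one of the 20 slots.
    for net in networks:
        for other in networks:
            if net is not other and net.version == other.version and net.subnet_of(other):
                problems.append(f"{net}: already covered by {other}")
    if len(networks) > MAX_ENTRIES:
        problems.append(f"{len(networks)} entries exceed the limit of {MAX_ENTRIES}")
    # Every host that must reach the API has to fall inside some entry.
    uncovered = [ip for ip in egress_ips
                 if not any(ipaddress.ip_address(ip) in net for net in networks)]
    return {"entries": [str(n) for n in networks], "problems": problems, "uncovered": uncovered}

if __name__ == "__main__":
    # Constructed sample input; none of these values come from a real deployment.
    sample = "192.168.1.1,192.168.1.0/24,192.168.1.5/24,10.0.0.0/8"
    report = audit_whitelist(sample, egress_ips=["192.168.1.2", "203.0.113.7"])
    for key, value in report.items():
        print(key, value)
```

An address listed under `uncovered` would be refused once the whitelist is active, so resolve those before switching a production key over.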
Managing API Keys
Viewing Your Keys
You can view all your API keys on the API Settings page. For each key, you can see:
- API Key (public identifier)
- Creation date
- Permission scopes
- IP whitelist status
Editing a Key
To modify an existing API key:
- Go to API Settings
- Find the key you want to edit
- Click Edit
- Update the scopes or IP whitelist
- Complete 2FA verification
Deleting a Key
If you no longer need an API key or suspect it has been compromised:
- Go to API Settings
- Find the key you want to delete
- Click Delete
- Complete 2FA verification
After deleting an API key, all applications using that key will immediately lose access. Make sure to update your applications before deleting.
Next Steps
Once you have created your API key, proceed to Authentication to learn how to generate signed tokens for API requests.