Research

API Crypto Trading: How It Works And Is It Secure?


How to use API keys for crypto trading bots and the security of API asset management

Danail Velchovski
August 17, 2022

In this article, we explain how platforms like One Click Crypto can place trades on your exchange account (Binance, FTX, Kraken, etc.) through an API, and we cover the security of this setup and the potential vulnerabilities around it.

What is API?

API (Application Programming Interface) is a set of programming instructions that allows two software programs to interact.

API is like a language that lets different software apps talk to each other.

In the case of One Click Crypto, it allows our software to optimize and effectively manage your crypto portfolio directly on your exchange account.

Why is it needed?

The API is needed for external services to perform actions on your account. One Click Crypto uses API for the following:

  • Fetch your account data (asset balance, trade history, open orders)
  • Place orders and execute trades
  • Cancel orders

API is a direct link between One Click Crypto and your exchange account.

API is commonly used amongst modern asset managers and Robo-advisors because it enhances financial management in 3 ways:

  1. You have more control over your capital. You no longer need to send your funds to an external party to use their investment strategies. Instead, the funds can stay and be managed directly in your exchange account. Additionally, you can disable API integration and withdraw access to your assets at any moment.
  2. You have more transparency over your capital. Since the trading is executed on your exchange account, you see exactly what happens with your assets. Therefore, you can easily verify the PnL, drawdown, and other data of an external asset manager.
  3. It simplifies the user experience. To use a certain trading strategy or work with an asset manager, you just create and link your API key in 5 minutes. No need for extensive paperwork and other operational overhead.

How does it work?

Using automated trading through an API is significantly easier than traditional asset management. The strategy activation process is fully automatic and takes 5–10 minutes to complete. In the case of One Click Crypto, all you have to do is sign up for a 1CC account, connect your cryptocurrency exchange with an API key, and choose the allocation size in USDT or USDC. That’s it, the rest will be taken care of by the software. You can view the product demo here.

After activating your One Click Crypto account from an email invitation, simply follow the onboarding process on the website to link your API key. Here is the tutorial on how to connect your Binance API key to One Click Crypto.

So how exactly does One Click Crypto trade on my exchange?

The API trading process involves a series of steps to ensure a) the safety of the connection and user’s assets, b) the accuracy of data, and c) the consistency of service.

Here is how the API trading process looks step by step at One Click Crypto:

  1. Every 4 hours, an AI model (strategy) scans the market and generates the output (buy/sell/hold signal) and % of the portfolio to trade. The signal is subsequently sent to the trading bot linked to the user’s exchange account.
  2. To ensure safety, the bot then performs various security checks and validates that the signal was indeed generated by the model associated with the bot.
  3. After all the checks are passed, the bot sends a request to the user’s exchange account to place a trade.
  4. After the successful trade, the bot fetches the data from the user’s account (trade history, balance, and position sizes) and updates the AI model.

A few things worth noting:

  • The AI models and trading bots are stored and operated on One Click Crypto servers.
  • The user data and funds are stored and managed on the servers/wallets of an exchange.
  • The requests sent by a model to a trading bot and from a trading bot to an exchange are end-to-end encrypted to avoid leaking sensitive data.

What are the limitations and the capacity of Binance API?

For Binance there are three different types of limits, all of which are subject to change at any time:

  1. Hard-limits
  2. ML (Machine Learning) Limits
  3. WAF (Web Application Firewall) Limits

The Hard-Limits specifically are:

  • 1,200 request weight per minute (keep in mind that this is not necessarily the same as 1,200 requests)
  • 50 orders per 10 seconds
  • 160,000 orders per 24 hours

Additionally, Binance does not restrict you in the volume you can trade in a day. On some markets, you are allowed to make a market order up to 306 BTC, which is more than enough for 99.999% of crypto holders.
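The hard limits above can be tracked on the client side so a bot stops sending before the exchange starts rejecting requests. The sketch below is an added example, not One Click Crypto's or Binance's code; it assumes a sliding window (stricter than a fixed one) and constructed per-request weights, and it shows why request weight and request count are tracked separately.

```python
from collections import deque

class WindowBudget:
    """At most `limit` units may be spent in any `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.events = deque()  # (timestamp, units), oldest first
        self.used = 0

    def fits(self, units: int, now: float) -> bool:
        # Drop spend that has aged out of the window, then test the remainder
        while self.events and self.events[0][0] <= now - self.window:
            self.used -= self.events.popleft()[1]
        return self.used + units <= self.limit

    def spend(self, units: int, now: float) -> None:
        self.events.append((now, units))
        self.used += units

class BinanceBudget:
    """The three hard limits quoted in the article, checked together."""

    def __init__(self):
        self.weight = WindowBudget(1200, 60)             # request weight per minute
        self.orders_10s = WindowBudget(50, 10)           # orders per 10 seconds
        self.orders_day = WindowBudget(160_000, 86_400)  # orders per 24 hours

    def allow(self, weight: int, is_order: bool, now: float) -> bool:
        """Reserve budget for one request, or refuse without spending anything."""
        budgets = [(self.weight, weight)]
        if is_order:
            budgets += [(self.orders_10s, 1), (self.orders_day, 1)]
        if not all(budget.fits(units, now) for budget, units in budgets):
            return False
        for budget, units in budgets:
            budget.spend(units, now)
        return True
```

With a constructed weight of 40 per request, the per-minute budget is exhausted after 30 requests, far fewer than 1,200.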

How to create an API key?

See API tutorials for Binance/Binance.US, Kraken, Bitpanda Pro, and Bitvavo.

How secure is API trading?

While API keys open the door to data analysis, trading bots, and other automation, crypto traders may not be fully aware of the risks associated with sharing API credentials with non-trustworthy third parties.

API Security

As a user, you can set different levels of permissions for your API keys.

To ensure the safety of your assets, don’t enable withdrawal/deposit access when linking your API key to an external platform. The bots only need trade-only API access to function.

API keys are stored encrypted in the One Click Crypto database. In case anyone ever gets access to the database, all they would see is a random string of characters without any meaning.

(Image: example with a random API key.)

The API keys are not visible on the One Click Crypto app interface. So if anyone gets access to your app account, they cannot access your keys.

The bots can only execute trades on the markets they were assigned to. If the bot receives a buy/sell signal to trade on another market pair, this signal will be ignored.

The bots are limited to the position size assigned to them. If the bot receives a buy/sell signal to trade with a higher size than it currently holds, the signal will be ignored.

If irregular trading activity is noticed on an exchange account (the daily volume is 10x higher than the bot position size), the user is immediately notified by email and Telegram.
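The checks described above (signal origin, assigned market, position size, and the 10x volume alert) can be expressed as one gate that runs before any order is sent. This is an added example, not One Click Crypto's code: the article does not say how signals are authenticated, so HMAC-SHA256 with a per-bot shared secret is an assumption, as are the signal fields `market`, `side` and `size`.

```python
import hashlib
import hmac
import json

def sign_signal(secret: bytes, signal: dict) -> str:
    """Model side: tag a signal with HMAC-SHA256 over its canonical JSON."""
    payload = json.dumps(signal, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()

class BotGate:
    """Bot side: checks run before any order request goes to the exchange."""

    def __init__(self, secret: bytes, market: str, position_size: float):
        self.secret = secret                # shared only with this bot's model (assumption)
        self.market = market                # the one pair the bot is assigned to
        self.position_size = position_size  # quote-currency amount the bot manages

    def check(self, signal: dict, tag: str) -> tuple:
        """Return (accepted, reason); a signal that is not accepted is ignored."""
        expected = sign_signal(self.secret, signal)
        # Constant-time comparison on bytes, so a malformed tag cannot raise
        if not hmac.compare_digest(expected.encode(), str(tag).encode()):
            return False, "not from this bot's model"
        if signal.get("side") not in ("buy", "sell", "hold"):
            return False, "unknown side"
        if signal.get("market") != self.market:
            return False, "market not assigned to this bot"
        if signal["side"] != "hold":
            size = signal.get("size")
            if isinstance(size, bool) or not isinstance(size, (int, float)):
                return False, "invalid size"
            if not 0 < size <= self.position_size:
                return False, "size exceeds bot position"
        return True, "ok"

def irregular_activity(daily_volume: float, position_size: float) -> bool:
    """Alert condition from the article: daily volume above 10x the position size."""
    return daily_volume > 10 * position_size
```

Because the tag covers the whole signal, changing the market or size after signing fails the first check, before the market and size rules are even consulted.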

To generate a new API key, you need to use 2FA (2-factor authentication).

The newly generated API secret can only be viewed once. If you later want to view existing API credentials, you can only see the API key. The API secret is hidden forever.

Further security tips

There is a slight chance that users may expose an API key themselves. Therefore:

  • Never store your API keys on shared accounts or databases
  • Never store your API keys in a non-encrypted text format
  • Never write and store your API keys on paper or another physical medium
  • If you lose access to your API key, delete it and create a new one

Even if a malicious actor gains access to the API keys despite all the security precautions, a) they cannot withdraw any funds, and b) they are limited by the API restrictions described in the paragraph above. Additionally, if using the One Click Crypto platform, the affected user will be automatically notified and can disable the API key immediately.

Whitelist API Trading Symbol
If you are certain about which market pairs you want your AI to trade, you can use the API trading symbol whitelist function on Binance to restrict a sub-account's Spot/Margin trading to only the trading pairs selected by the Master Account.

That will further enhance the security of your account and ensure that there will be no trading outside your chosen market pairs through the API.

IP whitelist
Another safety measure to secure your funds from hacks is to use the IP whitelist function on your exchange. That will restrict your API key to accepting trade requests only from the IP addresses in the list.

For maximum security and convenience, we will email you our list of IPs once you register on the One Click trading app. Those are the IP addresses we use on our servers to run the trading AIs. You can then add them to the ‘trusted IPs only’ tab when creating an API key.
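Before a key is linked to any external platform, its permissions can be audited against the advice above: trade-only access, no withdrawals, IP whitelist on. The following is an added example, not One Click Crypto's code; the field names follow Binance's API-key permission response, the sample values are constructed, and treating transfer permissions like withdrawals goes slightly beyond what the article lists.

```python
import json

# Constructed sample shaped like Binance's API-key permission response
# (GET /sapi/v1/account/apiRestrictions); the values are made up.
SAMPLE_RESPONSE = json.loads("""
{
  "ipRestrict": false,
  "enableReading": true,
  "enableSpotAndMarginTrading": true,
  "enableWithdrawals": true,
  "enableInternalTransfer": false,
  "permitsUniversalTransfer": false,
  "enableMargin": false,
  "enableFutures": false
}
""")

# Permissions that let a key holder move funds off the account
MOVES_FUNDS = ("enableWithdrawals", "enableInternalTransfer", "permitsUniversalTransfer")
# Permissions a trade-only bot actually needs
REQUIRED = ("enableReading", "enableSpotAndMarginTrading")

def audit_key(perms: dict) -> list:
    """Return (level, flag) findings; an empty list means trade-only and IP-restricted."""
    findings = []
    for flag in MOVES_FUNDS:
        # Fail closed: a missing or non-boolean flag counts as enabled
        if perms.get(flag, True) is not False:
            findings.append(("reject", flag))
    for flag in REQUIRED:
        if perms.get(flag) is not True:
            findings.append(("reject", "missing " + flag))
    if perms.get("ipRestrict") is not True:
        findings.append(("warn", "ipRestrict"))  # key usable from any address
    return findings

def acceptable(perms: dict) -> bool:
    """A key is linkable only if no finding is a reject."""
    return not any(level == "reject" for level, _ in audit_key(perms))
```

The constructed sample is rejected for `enableWithdrawals` and flagged for the missing IP restriction; switching both settings yields an empty findings list.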

Conclusion

Using an Application Programming Interface (API) as a middleman in your crypto trading gives you more control and transparency over your capital. It also simplifies the user experience and makes automated trading a lot easier.

You can connect your exchange to the One Click Crypto app via an API key following a couple of steps. API keys are stored encrypted in the One Click Crypto database and our software performs several security checks before executing any actions via your API.

Disclaimer: This article is for informational purposes only
