Setting up automated trading on OKX? You'll need an API key first. This guide shows you exactly how to create one—covering permissions, security settings, and the common mistakes that could lock you out or expose your account. Whether you're running a simple grid bot or a complex trading strategy, getting your API setup right matters.
So you want your bot to trade for you. Smart move. But first, you need to give it the keys to your account—literally. That's where the API key comes in.
Think of an API key like a backstage pass. It lets your bot access your OKX account, place trades, check balances, and manage orders without you logging in every time. The trick is setting it up correctly so your bot can work while keeping your funds safe.
Let's walk through it.
Start by heading to your OKX account. Make sure everything's in order—account verified, trading enabled, all that housekeeping stuff. You can't create API keys on a half-baked account.
Once you're in, you're ready to dig into the API settings.
Here's where things get interesting. Click on your account profile—usually up in the corner somewhere. Look for the API section. It's not hidden, but it's not front and center either.
Click 'Create V5 API Key'. That V5 matters. It's the current version, and it's what most modern bots expect. Don't mess around with older versions unless you have a specific reason.
This is where your bot starts getting access.
Now you're naming your key. Don't just call it "bot" or "key1"—be descriptive. "Grid Bot Main" or "Scalping Strategy" tells you what it does at a glance. Future you will thank present you.
Next comes the passphrase. This isn't your account password. It's a separate security layer for this specific API key. Make it strong. Write it down somewhere safe. Lose this, and your bot can't connect—even if you have the key itself.
Store everything carefully. You'll need the API key, the secret key, and this passphrase. All three. No exceptions.
This part trips people up. OKX gives you a bunch of permission options, and it's tempting to check them all. Don't.
Enable what your bot actually needs: trading capabilities, account info access, order management. That's usually enough for most strategies.
Here's the important bit: never enable withdrawal permissions unless you absolutely must. Seriously. If someone gets your API key, you don't want them draining your account. Trading permissions? Annoying if compromised. Withdrawal permissions? Potentially devastating.
Keep it minimal. You can always add permissions later if your bot needs them.
Now for the part that actually protects you: IP whitelisting.
Find your bot's IP address—whether it's running on your computer, a VPS, or a cloud service. Add that specific IP to the whitelist. Now only connections from that address can use your API key.
It's a pain if your IP changes, sure. But it's worth it. Someone steals your key? Doesn't matter—they can't use it from their location.
If OKX offers trading limits, set them. Cap how much your bot can trade in a day or per order. It won't stop a determined attacker, but it slows down damage if something goes wrong.
Double-check that withdrawal permissions are off. Yes, again. It's that important.
You're almost done. Review your settings one more time:
Permissions look right?
IP whitelist set up?
Security measures in place?
Good. Now complete the 2FA verification. OKX will ask for your authenticator code or SMS verification. This confirms you're really you.
Once that's done, OKX shows you the API key, secret key, and passphrase one time. One time. You can't see the secret key again after this screen.
Copy all three. Paste them somewhere secure—a password manager, an encrypted note, whatever you trust. Just don't leave them sitting in a text file on your desktop.
With your credentials saved, head to your trading bot's settings. Every bot's different, but they all ask for the same three things: API key, secret key, passphrase.
Paste them in. Save the configuration. Test the connection.
If it works, your bot should pull your account balance, show available pairs, and be ready to trade. If it doesn't connect, double-check those permissions and that IP whitelist.
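Why the bot needs all three values, as an added example (not code from OKX or from any particular bot): a sketch of how a V5 request such as the balance check is signed, with the secret key used only to compute the signature. The environment variable names and the sample values are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Hypothetical environment variable names chosen for this example.
ENV_NAMES = {
    "key": "OKX_API_KEY",
    "secret": "OKX_API_SECRET",
    "passphrase": "OKX_API_PASSPHRASE",
}


def load_credentials(env=os.environ):
    """Read all three credentials from the environment; fail if any is missing."""
    creds = {field: env.get(name, "") for field, name in ENV_NAMES.items()}
    missing = [ENV_NAMES[f] for f, v in creds.items() if not v]
    if missing:
        raise RuntimeError("missing credentials: " + ", ".join(missing))
    return creds


def okx_timestamp(now=None):
    """UTC ISO 8601 timestamp with milliseconds, e.g. 2020-12-08T09:08:57.715Z."""
    now = now or datetime.now(timezone.utc)
    return now.strftime("%Y-%m-%dT%H:%M:%S.") + f"{now.microsecond // 1000:03d}Z"


def signed_headers(creds, method, request_path, body="", timestamp=None):
    """Build the V5 auth headers. The secret key signs the request and is never sent."""
    timestamp = timestamp or okx_timestamp()
    prehash = timestamp + method.upper() + request_path + body
    digest = hmac.new(creds["secret"].encode(), prehash.encode(), hashlib.sha256).digest()
    return {
        "OK-ACCESS-KEY": creds["key"],
        "OK-ACCESS-SIGN": base64.b64encode(digest).decode(),
        "OK-ACCESS-TIMESTAMP": timestamp,
        "OK-ACCESS-PASSPHRASE": creds["passphrase"],
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"OKX_API_KEY": "example-key", "OKX_API_SECRET": "example-secret",
                  "OKX_API_PASSPHRASE": "example-passphrase"}
    headers = signed_headers(load_credentials(sample_env), "GET", "/api/v5/account/balance")
    for name, value in headers.items():
        print(f"{name}: {value}")
```

Reading the credentials from the environment keeps them out of the bot's source and config files; a missing value fails at startup instead of producing a rejected request later.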
An API key isn't something you set up once and forget. Check it regularly. If you're not using a particular bot anymore, delete its key. Change passphrases occasionally. Review permissions every few months.
Never share your API credentials. Not with "support staff" on Telegram. Not with "helpful traders" on Discord. Nobody legitimate will ever ask for them.
And if something feels off—weird trades you didn't authorize, balance discrepancies—delete that API key immediately. You can always create a new one. You can't undo unauthorized trades.
Setting up an OKX API key takes a few minutes, but doing it right saves headaches later. You're giving your bot access to real money, so those security steps matter. With proper permissions, IP whitelisting, and secure storage of your credentials, you can let your bot do its thing while you focus on strategy instead of manual trading.