How to create a trade-only Binance API key (no withdrawal)
Any automated trading tool needs permission to place orders on your exchange. The safest way to grant that is an API key that can trade but never withdraw. Set up correctly, even if the key leaked, an attacker could not move your coins off Binance. This is the technical basis of a non-custodial setup.
The principle: least privilege
An exchange API key is a set of permissions, not a password to your whole account. Grant only what the tool actually needs. A grid bot needs to read balances and place/cancel spot orders. It does not need withdrawal rights, and it does not need your login. Anything beyond "read + spot trade" is extra blast radius for no benefit.
Creating a trade-only key on Binance
- In Binance, open API Management and create a new API key. Label it for the specific tool so you can revoke it in isolation later.
- Turn on Enable Spot & Margin Trading (spot is what a grid needs).
- Leave Enable Withdrawals turned off. This is the single most important setting.
- Restrict access to trusted IPs if the tool has a stable outbound address — an IP allowlist means a stolen key is useless from anywhere else.
- Store the secret once, securely. Binance shows the secret only at creation; a tool should encrypt it at rest, never log it, and never expose it in a URL.
Why "no withdrawal" matters so much
Withdrawal permission is the only one that lets value leave your account. Without it, the worst a compromised key can do is place trades — bad, but recoverable, and bounded by the controls you set. A tool that asks for withdrawal rights is asking for the keys to the vault; a grid bot has no legitimate reason to.
Good hygiene afterwards
- One key per tool, clearly labelled, so you can revoke surgically.
- Rotate keys periodically and immediately if anything looks off.
- Prefer tools that encrypt keys bound to your account and pass them to processes via environment, not command-line arguments or logs.
- Re-check permissions occasionally — exchanges sometimes add new scopes.
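One way to automate that re-check, and to confirm the creation settings above, as an added example (not GRIDVULCAN's or Binance's code): the function audits a key's permission record against the "read + spot trade" policy and flags any enabled scope it does not recognise. The field names are assumed to match the response of Binance's GET /sapi/v1/account/apiRestrictions endpoint, and both sample records are constructed.

```python
# Added example: audit API-key permission flags against a trade-only policy.
# Assumption: field names follow Binance's GET /sapi/v1/account/apiRestrictions
# response; check them against the current API documentation before relying on this.

ALLOWED = {"enableReading", "enableSpotAndMarginTrading"}  # all a grid bot needs


def audit_key(restrictions):
    """Return (severity, message) findings; an empty list means trade-only."""
    findings = []
    # Withdrawals must be explicitly off; a missing flag is treated as unsafe.
    if restrictions.get("enableWithdrawals") is not False:
        findings.append(("critical", "enableWithdrawals is on or not reported"))
    if restrictions.get("ipRestrict") is not True:
        findings.append(("warning", "no IP allowlist on this key"))
    for name in sorted(ALLOWED):
        if restrictions.get(name) is not True:
            findings.append(("info", f"{name} is off; the bot cannot operate"))
    # Any other flag that is true is extra blast radius, including scopes
    # the exchange added after the key was created.
    for name, value in sorted(restrictions.items()):
        if value is True and name not in ALLOWED | {"ipRestrict", "enableWithdrawals"}:
            findings.append(("warning", f"extra scope enabled: {name}"))
    return findings


# Constructed sample records (not real account data).
TRADE_ONLY = {
    "ipRestrict": True, "createTime": 1700000000000,
    "enableReading": True, "enableSpotAndMarginTrading": True,
    "enableWithdrawals": False, "enableInternalTransfer": False,
    "enableMargin": False, "enableFutures": False,
    "permitsUniversalTransfer": False,
}
OVER_PRIVILEGED = {
    "ipRestrict": False, "createTime": 1700000000000,
    "enableReading": True, "enableSpotAndMarginTrading": True,
    "enableWithdrawals": True, "enableFutures": True,
    "enableHypotheticalNewScope": True,  # hypothetical name, stands in for a new scope
}

if __name__ == "__main__":
    for label, record in (("trade-only", TRADE_ONLY), ("over-privileged", OVER_PRIVILEGED)):
        print(label, audit_key(record) or "OK")
```

Run it on a schedule against each labelled key and alert on any non-empty result.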
How this maps to GRIDVULCAN
GRIDVULCAN is designed around exactly this model: you connect a trade-only key, your funds never leave your Binance account, and the key is encrypted and bound to your account so a stolen database row cannot be reused. It is the same least-privilege idea, enforced in the architecture. If you want the broader picture, see what is grid trading.
Crypto trading involves substantial risk. Grid strategies can lose money, including your full allocated capital, in strongly trending or highly volatile markets. Nothing on this page is financial advice.
GRIDVULCAN is a non-custodial BTC/USDT grid bot, in private beta.