Permissions and IP whitelist#
Required permissions#
On the Binance API key page, enable:
- Enable Reading — needed to fetch balances, positions, and order history.
- Enable Futures — needed to place USDⓈ-M Futures orders.
Leave everything else off. In particular:
- Do not enable Withdrawals. HookTrader never withdraws and cannot ever ask Binance to.
- Do not enable Spot & Margin Trading. HookTrader only trades USDⓈ-M perpetuals.
- Do not enable Universal Transfer. Not used.
If you accidentally enable a permission HookTrader doesn't need, the platform still works — the key is just unnecessarily privileged. Drop the extra permissions when you can.
What HookTrader actually sends#
HookTrader uses only the permissions it declares — it reads balances and positions, submits and cancels futures orders, and monitors fills. It never requests withdrawal or spot/margin access.
IP whitelist#
If you restrict the key by IP, add the public IP of the HookTrader production server. The address is shown on the Exchanges → + Add API key screen so you don't have to look it up.
If the IP whitelist is wrong, you'll see one of:
- Verify fails on save with the error code
-2015("Invalid API-key, IP, or permissions for action"). - Trades start failing later with the same code, after Binance starts rejecting requests from the whitelisted IPs you removed.
Both surface as a notification. See Troubleshooting → Binance error codes.
Whitelisting is optional but recommended for live keys
A leaked key without an IP whitelist can be used from anywhere — even though HookTrader can never withdraw, an attacker could still place loss-making trades against your balance. The cost of whitelisting is essentially zero; do it for live keys.
Verifying after a change#
Whenever you change permissions or the IP whitelist on Binance, use the Verify permissions button on the exchange detail page in HookTrader to re-run the signed test call. You don't need to re-enter the secret.