User Guide
API Key Setup
Step-by-step instructions for creating Binance, Binance Copy, Bitget, and Bitget Copy API keys with read-only access.
Read this first — Read-only API keys, every time.
Meetcrypt only ever needs to read your exchange data to compute balances, PNL, funding, and risk. We do not need permission to place trades, transfer funds, withdraw, or convert assets. When you create the API key on Binance or Bitget, the only permission you must enable is Read / Read-only. Every other checkbox — Spot Trading, Futures, Margin, Withdraw, Universal Transfer, Internal Transfer, Loan, Convert, Vault — must be OFF. If you save a key with any non-read permission and it leaks, your funds are at risk. The exchange does not know whether you intended to grant trade access; it just honours what the key says.
Why read-only matters
A short explanation of the failure modes you avoid by sticking to read-only.
- If a read-only key leaks, an attacker can read your portfolio. Annoying, not catastrophic.
- If a key with TRADE access leaks, an attacker can place market orders on illiquid pairs to wash your account.
- If a key with WITHDRAW access leaks, your funds can leave the exchange. This has happened to real users.
- If a key with UNIVERSAL TRANSFER access leaks, an attacker can shuffle funds between your sub-accounts to set up trade-based draining.
- Meetcrypt is read-only by design — we never need anything except Read. If you ever see Meetcrypt asking for trade or withdraw permissions, that is a fake / phishing site. Stop and email us.
Binance — main account
For your primary Binance account that holds spot, margin, and/or futures balances directly.
Read-only access is mandatory for Binance
The Binance API key you give Meetcrypt must have ONLY Read / Read-only permissions. Trade, Spot, Futures, Margin, Withdraw, and Universal Transfer permissions must all be OFF. If a checkbox other than Read is on, STOP and remove it before saving. Meetcrypt will never need anything beyond Read access to compute your analytics.
- 1
Sign in to your Binance account
Go to binance.com and sign in. Make sure 2FA is enabled — Binance will require it during key creation.
- 2
Open API Management
Click your profile icon (top right) → Account → API Management. (Or visit binance.com/en/my/settings/api-management directly.)
- 3
Create a new API key
Click "Create API". Pick "System generated" (the default). Give it a recognisable label such as "Meetcrypt read-only". Pass the 2FA / email / phone verification prompts.
- 4
Set permissions to READ ONLY — this is the most important step
On the permissions panel that appears after creation: keep "Enable Reading" checked, and uncheck EVERYTHING else. Specifically: uncheck "Enable Spot & Margin Trading", "Enable Futures", "Enable Withdrawals", "Permits Universal Transfer", "Enable Internal Transfer", "Enable Margin Loan, Repay & Transfer", and any vault / staking / convert / margin permissions Binance shows. If a checkbox is on, your funds are at risk.
- 5
(Recommended) Restrict access to trusted IPs
Click "Restrict access to trusted IPs only" and add Meetcrypt's egress IP: 185.182.8.13. Without this, a leaked read-only key could still be used to scrape your portfolio data from anywhere on the internet.
- 6
Save the API Key and Secret Key
Binance shows the Secret Key only once. Copy both Key and Secret somewhere private (a password manager). Then paste them into Meetcrypt → Connections → "Add account" → Binance.
Binance — copy trading account
For a separate Binance copy-trading sub-account. Treat it as its own connection in Meetcrypt.
Read-only access is mandatory for Binance Copy Trading
The Binance Copy Trading API key you give Meetcrypt must have ONLY Read / Read-only permissions. Trade, Spot, Futures, Margin, Withdraw, and Universal Transfer permissions must all be OFF. If a checkbox other than Read is on, STOP and remove it before saving. Meetcrypt will never need anything beyond Read access to compute your analytics.
Important — read-only is enough for copy trading
Copy trading executes orders server-side on Binance through the lead trader's instructions — you do not need to give Meetcrypt trade permissions for the copy engine to keep working. A read-only key can still see all the resulting fills, balances, funding, and PNL.
- 1
Open the Copy Trading account you want to track
Sign in to Binance, go to Trade → Copy Trading, and open the lead trader profile or your follower account. Copy Trading uses a separate sub-account, so it has its own API key (different from your master account).
- 2
Find API Management for the copy account
Click the profile icon → Sub Account → find the "Copy Trading" sub-account → click "API Management" for that sub-account row. Some Binance regions surface this under "Lead Portfolio API Management" or "Copy Trading API". Treat the copy account as a separate sub-account with its own keys.
- 3
Create a new API key on the copy sub-account
Same as the master flow: click "Create API", pick System generated, label it (e.g., "Meetcrypt copy read-only"), pass 2FA.
- 4
READ ONLY — uncheck everything except Reading
When the permissions appear: keep "Enable Reading" on. Uncheck "Enable Spot & Margin Trading", "Enable Futures", "Enable Withdrawals", "Permits Universal Transfer", and every other permission. The copy account will still execute trades from the lead trader through Binance's internal copy engine — your API key does NOT need any trade or transfer permissions for that to keep working. Read-only is enough.
- 5
(Recommended) Restrict to trusted IPs
Add 185.182.8.13 the same way as the master account.
- 6
Save and add to Meetcrypt as a separate Binance account
In Meetcrypt → Connections, add a NEW Binance account row for the copy sub-account (do not reuse the master's row). Label it clearly (e.g., "Binance — Copy Trading") so PNL and analytics are attributed correctly.
Bitget — main account
For your primary Bitget account with spot, futures, or earn balances.
Read-only access is mandatory for Bitget
The Bitget API key you give Meetcrypt must have ONLY Read / Read-only permissions. Trade, Spot, Futures, Margin, Withdraw, and Universal Transfer permissions must all be OFF. If a checkbox other than Read is on, STOP and remove it before saving. Meetcrypt will never need anything beyond Read access to compute your analytics.
Bitget requires a Passphrase
Unlike Binance, Bitget keys have THREE secret pieces: API Key, API Secret, and an API Passphrase you set yourself. You will paste all three into Meetcrypt. The passphrase is shown only once at creation and cannot be recovered — save it in a password manager.
- 1
Sign in to your Bitget account
Go to bitget.com and sign in. 2FA must be enabled before you can create an API key.
- 2
Open API Management
Click your profile icon (top right) → API Management. Or directly: bitget.com/en/account/newapi.
- 3
Create a new API key
Click "Create API". Choose "System-generated". Name it (e.g., "Meetcrypt read-only"). Bitget will ask you to set an API Passphrase — this is REQUIRED (unlike Binance). Pick a strong passphrase and save it; you will need to paste it into Meetcrypt along with the key and secret.
- 4
READ ONLY — pick Read-only on the permission selector
Bitget surfaces three options for permissions: "Read-only", "Read & Write" (or "Trade"), and sometimes "Withdraw". Choose READ-ONLY. Do NOT pick Read & Write or Trade. Do NOT enable Withdraw. If Bitget asks you to confirm that you understand the read-only mode means no orders will be placed, confirm yes — that is exactly what you want.
- 5
(Recommended) IP whitelist
Bitget supports binding the key to specific IPs. Click "Bind IP" and add 185.182.8.13. This dramatically reduces the blast radius if the key ever leaks.
- 6
Save the API Key, Secret, and Passphrase
Bitget shows the Secret only once. Copy Key + Secret + Passphrase to a password manager. Then in Meetcrypt → Connections → "Add account" → Bitget, paste all three.
Bitget — copy trading account
For a Bitget copy-trading sub-account. Treat it as its own connection in Meetcrypt.
Read-only access is mandatory for Bitget Copy Trading
The Bitget Copy Trading API key you give Meetcrypt must have ONLY Read / Read-only permissions. Trade, Spot, Futures, Margin, Withdraw, and Universal Transfer permissions must all be OFF. If a checkbox other than Read is on, STOP and remove it before saving. Meetcrypt will never need anything beyond Read access to compute your analytics.
Read-only is enough — and Bitget requires a passphrase
Same as the Bitget master account: you set an API Passphrase that you will paste into Meetcrypt alongside the Key and Secret. And same as Binance copy: read-only is sufficient — the copy engine runs server-side and does not need your API key to have trade permissions.
- 1
Identify the Bitget Copy Trading account
On Bitget, copy trading typically runs from a sub-account: either a Copy Trading follower account or a Lead Trader account. Each has its own balances and its own API. Decide which one Meetcrypt should track.
- 2
Open API Management for that sub-account
Profile icon → Sub-Account → select the copy-trading sub-account → "API Management" for that account. (Bitget may also expose this under Copy Trading → Settings → API.)
- 3
Create a new API key with a passphrase
Same as the master flow. Pick "System-generated", label it (e.g., "Meetcrypt copy read-only"), set a strong API passphrase, and save it.
- 4
READ ONLY only — never Trade, never Withdraw
Pick the Read-only permission. Bitget's copy-trading engine will continue placing trades from the lead trader server-side; your read-only API key does NOT need trade permissions for copy trading to keep working. If Bitget tries to default the permission to "Read & Write", explicitly switch it to Read-only before saving.
- 5
(Recommended) IP whitelist + label
Bind the key to 185.182.8.13. Then in Meetcrypt → Connections, add this as a SEPARATE Bitget account row labelled clearly (e.g., "Bitget — Copy Trading") so the analytics page attributes its PNL correctly.
Final checklist before you save the key
Run through this every single time, for every key, on every exchange. If any item fails, regenerate the key — do not paste it into Meetcrypt.
- The API key has only Read / Read-only permissions enabled.
- Trade / Spot Trading / Futures / Margin / Withdraw / Universal Transfer / Internal Transfer / Convert / Loan / Vault permissions are ALL OFF.
- You set an IP whitelist where the exchange supports one (Binance and Bitget both do).
- You saved the Secret (and Passphrase for Bitget) in a password manager — exchanges only show it once.
- You labelled the key clearly on the exchange so you can revoke it later without confusion.
If you already saved a key with trade or withdraw permissions
It happens. Here is exactly what to do — in this order — to remove the risk.
- 1
Revoke the over-permissioned key on the exchange RIGHT NOW
Open the exchange's API Management page, find the key, click Delete (or Revoke). Stop here until that is done — the key is the threat, not the row in Meetcrypt.
- 2
Generate a new READ-ONLY key on the exchange
Follow the steps above for that exchange. Same procedure, just with permissions correctly set this time.
- 3
Update the Meetcrypt connection with the new key
In Meetcrypt → Connections, find the row for that account, click "Update credentials", and paste the new Key/Secret (and Passphrase if Bitget). Meetcrypt will validate it and resume syncing.
- 4
Optional but smart: rotate your exchange password and 2FA
If you are unsure how an over-permissioned key was created, treat the account as potentially compromised. Change the exchange password, regenerate 2FA, and review recent withdrawals.
One more time, because it matters most:
The API key you save in Meetcrypt must be READ-ONLY. No Trade. No Spot. No Futures. No Margin. No Withdraw. No Universal Transfer. No Convert. No Loan. Read is the only permission you need, and it is the only permission you should leave on. If anything else is on, regenerate the key.