Exchange API Keys
How to create a trade-only Binance key that Tessen will accept. Five minutes, once.
Create the key on Binance
- Log in to Binance → profile icon → Account → API Management → Create API.
- Choose System generated, name it something like
tessen-agent, and complete 2FA. - Edit the new key's restrictions:
- Enable Reading — required.
- Enable Futures — required for perpetual futures agents.
- Leave "Enable Withdrawals" OFF — Tessen rejects the key if this is on.
- Recommended: Restrict access to trusted IPs. Keys without IP restriction are auto-deleted by Binance after 90 days of inactivity and have lower permission ceilings.
- Copy the API Key and Secret Key. The secret is shown once — if you lose it, delete the key and create a new one.
Connect it in the Studio
Studio → Connect Exchange → paste both values → Connect. Tessen validates the key live against Binance: it reads the permission map, rejects withdrawal-enabled keys, and performs one signed read to prove the pair actually works. Only then is it encrypted and stored. You'll see the connected key as a masked preview with its permission summary.
Troubleshooting
- "This key has withdrawal permission" — edit the key on Binance and turn withdrawals off, or create a fresh key. This is not overridable.
- "Binance rejected the key"— the key/secret pair is wrong (most often a truncated paste of the secret) or the key was deleted on Binance's side.
- "No futures permission" warning — the key connected, but live perp deployment will need Futures enabled on it. Edit the key restrictions on Binance.
- IP-restricted key fails validation— your restriction list doesn't include Tessen's engine IP. Contact us for the current address, or connect without IP restriction first.