API Reference
Start typing to search…

2025.12

🔐 Core Security Enhancement: Overall API Security Upgrade To build a more robust, proactive defense system, we have completed a comprehensive enhancement of our API security. This upgrade is designed to mitigate potential risks across multiple dimensions, including:

  • Introduction of API Key Auto-Expiration: To reduce the security threat posed by idle credentials, any API key that remains unused for 90 consecutive days will be automatically deactivated by the system. Please regularly review your keys to ensure critical ones remain active.
  • Mandatory Two-Factor Authentication (2FA) for Critical Operations: If enabled, withdrawals initiated via API now require mandatory 2FA verification. This adds a vital security layer for all fund outflow activities.
  • Availability of Custom Risk Control Rules: You can now create personalized monitoring and auto-blocking rules for specific sensitive activities (e.g., large withdrawals), enabling granular control over your account security.

We highly encourage you to leverage these new features. Please find the detailed configuration guide here: Risk Control Rule Configuration Guide

📢 Critical Reminder: API Key Management & Webhook push notification We would like to take this opportunity to reiterate the critical importance of API key security, as they are the core credentials for accessing your account. Please ensure you:

  • Establish a regular audit cycle to revoke any unnecessary or idle API keys immediately, and strictly adhere to the "Principle of Least Privilege."
  • If a third-party vendor manages your system, please verify that they have implemented stringent security measures, including, but not limited to: encrypting sensitive information, enforcing effective risk isolation, and avoiding hard-coding keys in plain text within code repositories.

Detailed guidance can be found here: General Security Principles for API Key Management

Additionally, institutional clients can subscribe to webhooks to receive notifications for digital currency deposit and withdrawal orders, enabling them to stay updated on the latest movements of digital assets in a more timely manner. Should you have any needs, please contact your account manager for integration details.