KuCoin API key upgrade operation guide

To reinforce the security of the API, KuCoin upgraded the API key and currently it has been upgraded to version 2.0. Please upgrade your API before 07:00:00, May 13, 2021 (UTC) and feedback the upgrade progress to the key account manager . How to upgrade: Delete the API key of version 1.0>create a new API key of version 2.0verify through API 2.0.  



Enter the KuCoin website(PC only), and the API creation page, and check whether there is a V1 API key in your account. If it does not exist and has never been deleted, the user can directly exit the page without doing more Upgrade operations. 


Otherwise, there are two situations in the user's account: 

  1. The API key of V1 exists as well as the API key of V2. To prevent accidents, please follow the instructions below to complete the upgrade.
  2. Only the API key of V1 exists, please follow the instructions below to complete the upgrade.


Step 1 

Enter the KuCoin web page (only for PC), delete V1 version of API key, create V2 version of API key (only V2 key can be created by default currently) 


Step 2:

After creating the V2 version of the API key, you will receive 3 pieces of information in the following:

  • Key
  • Secret
  • Passphrase

The Key and Secret are generated and provided by KuCoin and the Passphrase refers to the one you used to create the KuCoin API. Please note that these three pieces of information can not be recovered once lost. If you lost this information, please create a new API KEY. 



You can manage the API permission on KuCoins official website. The permissions are: 


General - General - Allows key general permissions. This includes most of the GET endpoints. 

Trade - Allows a key to creating orders. 

Transfer - Allows a key to transfer funds (including deposit and withdrawal). Please note a sub-account is not authorized this permission. Enable with caution - API key transfers WILL BYPASS two-factor authentication. 


Please refer to the documentation below to see what API key permissions are required for a specific route. 


Step 3: 

If you have used any SDK that is maintained by KuCoin official, please update the SDK to the latest version, and replace the three information in step 2 to restart the program directly.  

Your API key upgrade operation is completed by now. 

SDK: https://github.com/Kucoin 


Step 4 

If you have not used the SDK that is maintained by KuCoin official, please follow these steps to adjust your code: 


Creating a Request 

All private REST requests must contain the following headers: 


KC-API-KEY The API key as a string. 

KC-API-SIGN The base64-encoded signature (see Signing a Message). 

KC-API-TIMESTAMP A timestamp for your request. 

KC-API-PASSPHRASE The passphrase you specified when creating the API key. 

KC-API-KEY-VERSION You can check the version of API key on the page of API Management 


Signing a Message 


For the header of KC-API-KEY: 


Use API-Secret to encrypt the prehash string {timestamp+method+endpoint+body} with sha256 HMAC. The request body is a JSON string and needs to be the same as the parameters passed by the API. 

After that, use base64-encode to encrypt the result in step 1 again. 


For the KC-API-PASSPHRASE of the header: 


For API key-V1.0, please pass requests in plaintext. 

For API key-V2.0, please Specify KC-API-KEY-VERSION as 2 --> Encrypt passphrase with HMAC-sha256 via API-Secret --> Encode contents by base64 before you pass the request.” 




The encrypted timestamp shall be consistent with the KC-API-TIMESTAMP field in the request header. 

The body to be encrypted shall be consistent with the content of the Request Body. 

The Method should be UPPER CASE. 

For GET, DELETE request, the endpoint needs to contain the query string. e.g. /api/v1/deposit-addresses?currency=XBT. The body is "" if there is no request body (typically for GET requests). 


Your API key upgrade operation is completed by now. 

Was this article helpful?
5 out of 19 found this helpful



Article is closed for comments.