cURL

curl --request GET \
  --url https://test.deribit.com/api/v2/private/create_api_key \
  --header 'Content-Type: application/json' \
  --data '
{
  "jsonrpc": "2.0",
  "id": 8974,
  "method": "private/create_api_key",
  "params": {
    "name": "Public key 1",
    "max_scope": "account:read trade:read block_trade:read_write wallet:none",
    "public_key": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAM7FWhKquNqLmTOV4hfYT5r3AjrYiORTT6Tn5HIfFNV8=\n-----END PUBLIC KEY-----"
  }
}
'

{
  "jsonrpc": "2.0",
  "id": 2453,
  "result": {
    "timestamp": 1560242482758,
    "max_scope": "account:read_write block_trade:read trade:read_write wallet:read_write",
    "id": 3,
    "enabled": true,
    "default": false,
    "client_secret": "B6RsF9rrLY5ezEGBQkyLlV-UC7whyPJ34BMA-kKYpes",
    "client_id": "1sXMQBhM",
    "name": "NewKeyName"
  }
}

Account Management

private/create_api_key

Creates a new API key with the specified scope and permissions. API keys are used for programmatic access to the Deribit API and can be restricted to specific operations and IP addresses.

The response includes both the API key ID and the secret key. Store the secret securely as it will not be displayed again. You can view the API key details (without the secret) using the list_api_keys method.

TFA required

📖 Related Articles:

Scope: account:read_write

Try in API console

cURL

curl --request GET \
  --url https://test.deribit.com/api/v2/private/create_api_key \
  --header 'Content-Type: application/json' \
  --data '
{
  "jsonrpc": "2.0",
  "id": 8974,
  "method": "private/create_api_key",
  "params": {
    "name": "Public key 1",
    "max_scope": "account:read trade:read block_trade:read_write wallet:none",
    "public_key": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAM7FWhKquNqLmTOV4hfYT5r3AjrYiORTT6Tn5HIfFNV8=\n-----END PUBLIC KEY-----"
  }
}
'

{
  "jsonrpc": "2.0",
  "id": 2453,
  "result": {
    "timestamp": 1560242482758,
    "max_scope": "account:read_write block_trade:read trade:read_write wallet:read_write",
    "id": 3,
    "enabled": true,
    "default": false,
    "client_secret": "B6RsF9rrLY5ezEGBQkyLlV-UC7whyPJ34BMA-kKYpes",
    "client_id": "1sXMQBhM",
    "name": "NewKeyName"
  }
}

Query Parameters

max_scope

string[]

required

Describes maximal access for tokens generated with given key. If scope is not provided, its value is set as none.

📖 Related Article: Access Scope

Example:

[
  "account:read",
  "trade:read",
  "block_trade:read_write",
  "wallet:none"
]

name

string

Name of key (only letters, numbers and underscores allowed; maximum length - 16 characters)

Example:

"TestName"

public_key

string

ED25519 or RSA PEM Encoded public key that should be used to create asymmetric API Key for signing requests/authentication requests with user's private key.

📖 Related Article: Asymmetric API keys

Example:

"-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAM7FWhKquNqLmTOV4hfYT5r3AjrYiORTT6Tn5HIfFNV8=\n-----END PUBLIC KEY-----"

enabled_features

enum<string>[]

List of enabled advanced on-key features. Available options:
- restricted_block_trades: Limit the block_trade read the scope of the API key to block trades that have been made using this specific API key
- block_trade_approval: Block trades created using this API key require additional user approval. Methods that use block_rfq scope are not affected by Block Trade approval feature

Available options:

restricted_block_trades,

block_trade_approval

Response

200 - application/json

Success response

jsonrpc

enum<string>

required

The JSON-RPC version (2.0)

Available options:

2.0

result

object

required

Hide child attributes

result.id

integer

required

Key identifier

Example:

1

result.timestamp

integer

required

The timestamp (milliseconds since the Unix epoch)

Example:

1536569522277

result.client_id

string

required

Client identifier used for authentication

Example:

"IY2D68DS"

result.client_secret

string

required

Client secret or MD5 fingerprint of public key used for authentication

Example:

"P9Z_c73KaBPwpoTVfsXzehAhjhdJn5kM7Zlz_hhDhE8"

result.max_scope

string[]

required

Describes maximal access for tokens generated with given key. If scope is not provided, its value is set as none.

📖 Related Article: Access Scope

Example:

[
  "account:read",
  "trade:read",
  "block_trade:read_write",
  "wallet:none"
]

result.default

boolean

required

Informs whether this api key is default (field is deprecated and will be removed in the future)

Example:

false

result.public_key

string

PEM encoded public key (Ed25519/RSA) used for asymmetric signatures (optional)

Example:

"-----BEGIN PUBLIC KEY----- MCowBQYDK2VwAyEApajFN0CSwIaaiIRPiFbiYYvpsLQLSccSLLsKPe984sc= -----END PUBLIC KEY-----"

result.enabled

boolean

Informs whether api key is enabled and can be used for authentication

Example:

true

result.name

string

Api key name that can be displayed in transaction log

Example:

"TestName"

result.enabled_features

string[]

List of enabled advanced on-key features.

Available options:
- restricted_block_trades: Limit the block_trade read the scope of the API key to block trades that have been made using this specific API key
- block_trade_approval: Block trades created using this API key require additional user approval. Methods that use block_rfq scope are not affected by Block Trade approval feature

result.ip_whitelist

array

List of IP addresses whitelisted for a selected key

integer

The id that was sent in the request

private/change_subaccount_name private/create_subaccount

⌘I

Methods overview

Methods

Query Parameters

Response