TiltlessTILTLESS
View pricing

Updated: 2026-02-14

How to Create an OKX API Key

Create a read-only API key in OKX to connect your spot, perpetual swap, futures, and options trades to Tiltless. This guide covers key creation, the OKX passphrase, permission scoping, and security best practices.

Create Your API Key

Log in to your OKX account and navigate to Account > API. Click 'Create API Key.'

OKX will ask you to complete security verification and set a passphrase. The passphrase is required alongside the key and secret for all API requests — choose something strong and store it securely.

  • Open Account > API in your OKX account
  • Click 'Create API Key'
  • Complete security verification when prompted
  • Set a passphrase (required for API authentication)
  • Label the key (e.g., 'Tiltless Read-Only')

Set Read-Only Permissions

OKX offers granular permission scopes. Select only 'Read' permissions. Do not enable any trading, withdrawal, or transfer permissions.

A read-only key can access your trade history, positions, and account data — but cannot execute trades, move funds, or change account settings. This is the only permission scope Tiltless requires.

  • Enable: 'Read' — read-only access to trades and account data
  • Disable: 'Trade' — Tiltless does not place orders
  • Disable: 'Withdraw' — Tiltless never moves funds
  • Disable: Any permission beyond 'Read'

The OKX Passphrase

OKX is unique among exchanges in requiring a passphrase for API authentication. The passphrase acts as a third credential alongside the API key and secret.

When you connect OKX to Tiltless, you will need to provide all three values: API key, secret, and passphrase. Tiltless encrypts all three at rest. If you forget the passphrase, you will need to create a new API key — OKX does not allow passphrase recovery.

Bind to Trusted IPs

OKX allows you to bind API keys to specific IP addresses. This is optional but recommended — the key will only work from approved addresses.

Even with a read-only key and passphrase, IP binding adds defense-in-depth. If both the credentials and passphrase are compromised, IP restriction prevents unauthorized use from unknown locations.

Copy and Store Your Credentials

After creating the key, OKX shows your API key and secret key. Copy both values immediately — OKX will not show the secret again after you leave this page. You should already have your passphrase saved from the creation step.

Paste all three values — API key, secret, and passphrase — into Tiltless under your integration settings.

  • Copy the API key (public identifier)
  • Copy the Secret key (shown only once — save it now)
  • Have your passphrase ready (set during key creation)
  • Paste all three into Tiltless to complete the connection

Security Best Practices

API keys are credentials. Treat them — and the passphrase — with the same care as a password.

  • Never share your secret key or passphrase outside of trusted integrations
  • Use read-only permissions — a journal should never have trade execution access
  • Enable IP binding to limit where the key can be used
  • Revoke and replace any key you suspect has been compromised
  • Rotate keys periodically — delete the old key and create a fresh one with a new passphrase
  • Do not store secrets or passphrases in plain text, screenshots, or shared documents

Troubleshooting

If your connection fails after entering credentials, check these common issues.

  • Verify the secret key was copied completely — it is long and easy to truncate
  • Confirm the passphrase matches exactly (case-sensitive)
  • Check that 'Read' permission is enabled in Account > API
  • Check IP binding settings if the key is IP-locked
  • Ensure the key has not been revoked
  • Try creating a new key if the existing one continues to fail

Related Resources

OKX integration overview

Crypto trading journal guide

Position size calculator

PnL calculator

Funding rate calculator

Fee impact calculator

FAQ

?Where do I find API settings in OKX?

Go to Account > API in your OKX account. The API management page is under account settings or security settings depending on your interface version.

?What permissions should I enable?

Enable only 'Read' permissions. Do not enable 'Trade', 'Withdraw', or any other permission. Tiltless only needs to read your trade history.

?What is the passphrase for?

OKX requires a passphrase when creating an API key. This passphrase is needed alongside the API key and secret to authenticate requests. Choose a strong passphrase and store it securely — Tiltless encrypts it at rest.

?Is it safe to share my OKX API key with Tiltless?

Yes, when scoped to read-only. A read-only key cannot execute trades, transfer funds, or modify your account. Tiltless encrypts your key, secret, and passphrase at rest.

?What if my API key is leaked?

Revoke it immediately in OKX under Account > API. Even though a read-only key cannot move funds, you should revoke and replace any compromised credential. The passphrase requirement adds an extra barrier, but do not rely on it alone.

?Can I restrict the API key to specific IP addresses?

Yes. OKX supports IP binding for API keys. Adding your IP address ensures the key only works from approved addresses — even if the key and passphrase are compromised.

?Does one API key cover all OKX products?

Yes. A single OKX API key with 'Read' permission covers Spot, Perpetual Swaps, Expiry Futures, and Options within your account.

?How do I revoke an OKX API key?

Go to Account > API, find the key, and delete it. The key stops working immediately. Tiltless retains imported data but stops syncing new trades.

?Do I need separate keys for Unified and Classic accounts?

No. One API key covers your entire account regardless of whether you use OKX's Unified Account or Classic Account mode.

Connect OKX and start reviewing trades

Paste your read-only API key, secret, and passphrase into Tiltless and your trades sync automatically.

View plans
How to Create an OKX API Key (Read-Only) | Tiltless