Read only API key is not read only! - Githubissues

binance-us / binance-us-api-docs

Official Documentation for the Binance US APIs and Streams

410 stars 169 forks source link

Read only API key is not read only! #4

Closed segersniels closed 4 years ago

segersniels commented 4 years ago

Issue

There is quite a big security risk regarding your API... Read only API keys aren't actually read only and can still create/delete orders.

Steps to reproduce

Create a read only API key
Try to create a new order using the api/v3/order or api/v3/order/test endpoint

What should happen

Should return an error saying the key doesn't have the required permissions like the normal Binance API does.

body: {
    code: -2015,
    msg: 'Invalid API-key, IP, or permissions for action.'
},

segersniels commented 4 years ago

Received confirmation on Telegram that the issue is going to be resolved.