HashKey Exchange Setup
Connect your HashKey account to SignalBee in minutes. This guide walks you through creating and configuring API keys with the exact permissions needed for automated trading.
Prerequisites
Before you begin, make sure you have:
- Verified HashKey account - Identity verification (KYC) completed
- 2FA enabled on HashKey - Required for API key creation
- SignalBee account - Ready to connect an exchange
- Password manager - For storing your API credentials securely
Important: HashKey is a regulated Hong Kong exchange. You may need to complete enhanced verification depending on your jurisdiction. Account verification requirements are stricter than unregulated exchanges.
About HashKey
HashKey is a Hong Kong-based cryptocurrency exchange licensed by the Securities and Futures Commission (SFC). Key highlights:
- SFC-licensed - One of the few exchanges licensed by Hong Kong's financial regulator
- Regulatory compliance - Institutional-grade compliance and security standards
- Limited trading pairs - Carefully curated selection of major cryptocurrencies
- Testnet available - Test your integration before trading with real funds
- Institutional focus - Designed to meet institutional trading requirements
Regional Note: HashKey focuses on compliant cryptocurrency trading in Hong Kong. Some features may require Hong Kong residency or enhanced verification for full access.
Creating Your API Key
Follow these steps to create an API key on HashKey:
Step 1: Log In to HashKey
- Go to hashkey.com
- Log in with your email and password
- Complete 2FA verification if prompted
Step 2: Navigate to API Management
- Click your profile icon in the top-right corner
- Select Settings from the dropdown menu
- Click API Management in the left sidebar
- You'll see a list of your existing API keys (if any)
Step 3: Create a New API Key
- Click the Create API Key button
- You'll be presented with the API configuration screen
Step 4: Enter a Label
- Enter a descriptive label:
SignalBee Trading - A clear label helps you identify this key's purpose later
Tip: Use specific labels like "SignalBee-Spot" or "SignalBee-Main" if you plan to create multiple keys for different purposes.
Step 5: Configure Permissions
- Check the permission boxes as described in the Configuring Permissions section below
- Enable Read and Trade permissions
- Never enable the Withdrawal permission
Step 6: Configure IP Whitelist (Optional)
- If you want to restrict API access to specific IPs, enable IP whitelisting
- See IP Whitelist Configuration for details
- You can skip this step for initial setup
Step 7: Copy Your Keys IMMEDIATELY
After completing 2FA verification, your credentials will be displayed:
- API Key - Can be viewed later in your API Management page
- Secret Key - Shown only ONCE - Copy it immediately!
| Key | Can View Later? | Action Required |
|---|---|---|
| API Key | Yes | Copy and save |
| Secret Key | NO - Never shown again | Copy immediately! |
Warning: If you navigate away without copying your Secret Key, you'll need to delete this API key and create a new one. There is no way to recover a Secret Key.
Save both keys in your password manager now before proceeding.
Configuring Permissions
HashKey uses a straightforward permission system. Configure permissions carefully for security.
Required Permissions
| Permission | Enable? | Why |
|---|---|---|
| Read | Yes | Allows SignalBee to check your balances and account info |
| Trade | Yes | Allows SignalBee to place and manage spot orders |
Never Enable These Permissions
| Permission | Enable? | Why |
|---|---|---|
| Withdraw | NEVER | SignalBee never needs withdrawal access. Enabling this is a serious security risk. |
| Transfer | No | Not needed for SignalBee trading |
Security Note: Even if your API key is somehow compromised, funds cannot be withdrawn without withdrawal permission enabled. This is your most important security protection.
Simple Two-Permission System
HashKey uses a clean permission model similar to other modern exchanges:
| Exchange | Trading Permission Model |
|---|---|
| HashKey | Two permissions: Read + Trade |
| BingX | Two permissions: Read + Spot Trade |
| Bitstamp | Six separate permissions |
| OKX | Three credentials + multiple permissions |
This makes HashKey one of the simpler exchanges to configure securely.
IP Whitelist Configuration
IP whitelisting restricts your API key to only work from specific IP addresses. This is optional but adds a strong security layer.
Why Use IP Whitelisting?
| Scenario | Without Whitelist | With Whitelist |
|---|---|---|
| SignalBee places trade | Works | Works |
| Attacker tries stolen key | Could work | Blocked |
Even if your API key is somehow exposed, it won't work from unauthorized IP addresses.
SignalBee Server IP Addresses
Note: Contact support@signalbee.trade to request SignalBee's current production IP addresses for whitelisting. We maintain static IPs specifically for exchange API calls and will notify you before any infrastructure changes.
How to Configure IP Whitelisting
- During API key creation, enable IP Address Restriction
- Enter each SignalBee IP address provided by support
- Click Save
- Complete 2FA verification if prompted
If You Skip IP Whitelisting
If you choose not to use IP whitelisting:
- Leave IP restrictions disabled during setup
- Understand this is less secure but still safe if withdrawals are disabled
- Your other security measures (no withdrawal permission) still protect your funds
Adding to SignalBee
Now connect your HashKey API key to SignalBee:
Step 1: Go to Exchanges Page
- Log in to your SignalBee account
- Navigate to Exchanges in the main menu
Step 2: Add New Exchange
- Click the Add Exchange button
- Select HashKey from the exchange list
Step 3: Enter Your Credentials
HashKey uses a standard two-value API system:
- API Key - Paste your HashKey API key
- Secret Key - Paste your HashKey Secret key
- Label (optional) - Enter a name like "HashKey Main Account"
Note: HashKey requires only 2 credentials (API Key + Secret Key). This is simpler than exchanges like OKX or KuCoin that require an additional passphrase.
Step 4: Test the Connection
- Click Save and Test Connection
- Wait for SignalBee to verify your credentials
- Look for the success message
Step 5: Verify Your Setup
After successful connection:
- Your HashKey balances should appear in SignalBee
- Check that your expected assets are listed
- Balances confirm the Read permission is working
Tip: If balances don't appear, verify that Read permission is enabled on your API key.
HashKey-Specific Considerations
Ticker Format
HashKey uses concatenated ticker symbols internally (no separator):
| SignalBee Format | HashKey Format |
|---|---|
| BTC-USDT | BTCUSDT |
| ETH-USDT | ETHUSDT |
| XRP-USDT | XRPUSDT |
| SOL-USDT | SOLUSDT |
SignalBee handles this conversion automatically. Use the standard hyphen format (BTC-USDT) in your webhooks and SignalBee will convert to HashKey's format.
Supported Order Types
HashKey spot trading supports the following order types:
| Order Type | Supported | Notes |
|---|---|---|
| Market Order | Yes | Executes immediately at best available price |
| Limit Order | Yes | Executes at specified price or better (GTC default) |
| Stop-Loss | No | Not available via spot API |
| Take-Profit | No | Not available via spot API |
| Trailing Stop | No | Not supported |
Important: HashKey does not support stop orders on the spot market. If your trading strategy requires stop-loss or take-profit orders, these must be managed at the strategy level. Consider using market orders to exit positions when your strategy signals an exit.
Limited Trading Pairs
HashKey offers a more limited selection of trading pairs compared to global exchanges:
- Focus on major cryptocurrencies (BTC, ETH, and select altcoins)
- Primarily USDT pairs
- Quality over quantity - curated for compliance
Tip: Check HashKey's trading page for the current list of available pairs before setting up your trading strategies.
Trading Fees
| Fee Type | Rate |
|---|---|
| Maker | Check HashKey |
| Taker | Check HashKey |
Tip: Visit HashKey's fee schedule for the most current rates and any VIP tier discounts.
Minimum Order Sizes
HashKey enforces minimum order values and precision limits. Orders below minimums or exceeding precision limits will be rejected:
| Filter | Description |
|---|---|
| LOT_SIZE | Minimum quantity and step size |
| PRICE_FILTER | Price precision limits |
| MIN_NOTIONAL | Minimum order value in quote currency |
Tip: Check HashKey for current minimum order sizes for specific pairs. SignalBee caches trading rules and handles precision automatically.
API Rate Limits
- HashKey enforces API rate limits to ensure fair access
- Rate limit errors (code -1003) are retryable after a short wait
- SignalBee handles rate limiting automatically
- If you see persistent rate limit errors, reduce your signal frequency
Warning: Continuing to send requests after rate limit errors can result in an IP ban (HTTP 418). SignalBee implements backoff to prevent this.
Testnet Available
HashKey offers a testnet environment for testing your integration before going live:
| Environment | API Endpoint |
|---|---|
| Production | https://api-pro.hashkey.com |
| Testnet | https://api-pro.sim.hashkeydev.com |
Tip: Use the testnet to verify your webhook configuration and signal delivery before enabling live trading. Contact HashKey for testnet credentials.
Time Synchronization
- HashKey uses Unix timestamps in milliseconds
- SignalBee synchronizes time automatically with HashKey servers
- Timestamp errors (-1021) indicate clock sync issues that SignalBee handles automatically
Troubleshooting
Common HashKey-specific errors and solutions:
| Error | Code | Likely Cause | Solution |
|---|---|---|---|
| Invalid Signature | -1022 | Incorrect Secret Key | Re-copy the Secret Key carefully. If lost, create new key. |
| Invalid API Key | -2015 | Wrong key or lacks permissions | Re-copy API key. Verify key exists in API Management. |
| Timestamp Error | -1021 | Clock synchronization issue | SignalBee syncs automatically. Wait and retry. |
| Insufficient Balance | -2010 | Not enough funds | Deposit crypto or reduce order size. |
| Invalid Symbol | -1121 | Wrong trading pair format | SignalBee converts automatically. Verify pair exists on HashKey. |
| Order Not Found | -2013 | Invalid order ID | Order may have been filled or cancelled. |
| Order Already Filled | -2012 | Trying to cancel filled order | Order completed before cancel request. |
| Order Cancelled | -2011 | Order already cancelled or filled | No action needed. |
| Filter Failure | -1013 | LOT_SIZE, PRICE_FILTER, or MIN_NOTIONAL | Adjust order size or price within limits. |
| Precision Error | -1111 | Too many decimal places | Reduce decimal precision. SignalBee handles this automatically. |
| Missing Parameter | -1102 | Required parameter not provided | Contact support if this persists. |
| Rate Limit Exceeded | -1003 | Too many API requests | Wait and retry. SignalBee handles backoff automatically. |
| Internal Error | -1001 | Exchange system error | Wait and retry. Usually temporary. |
| IP Banned | HTTP 418 | Continued requests after rate limit | Contact HashKey support to unban. |
Connection Test Fails?
If your connection test fails in SignalBee:
- Double-check both keys - Copy-paste errors are the most common issue
- Verify permissions - Ensure Read and Trade permissions are enabled
- Check IP whitelist - Disable IP restriction temporarily to test
- Wait a few minutes - New API keys may take 1-2 minutes to propagate
- Check HashKey status - Verify HashKey is not under maintenance
- Check verification level - Some features require enhanced KYC
Orders Rejected?
If your orders are being rejected:
- Check order type - HashKey only supports Market and Limit orders (no stops)
- Verify minimum size - Order may be below minimum notional value
- Check precision - Too many decimal places in quantity or price
- Confirm pair exists - Verify the trading pair is available on HashKey
- Check balance - Ensure sufficient funds for the order
For persistent issues, see our Error Codes Reference or contact support@signalbee.trade.
Security Best Practices
Follow this checklist to keep your HashKey account secure:
HashKey Account Security
- Enable 2FA with Google Authenticator - more secure than SMS
- Use a unique, strong password for HashKey (not reused from other sites)
- Enable email notifications for account activity
- Review login history regularly for unauthorized access
- Complete full identity verification for maximum account security
API Key Security
- Create a dedicated API key just for SignalBee - don't reuse keys across services
- Never enable withdrawal permission - SignalBee never needs it
- Consider IP whitelisting for maximum security
- Never share your Secret Key via email, chat, or screenshots
- Store keys in a password manager (1Password, Bitwarden, etc.)
Ongoing Security
- Review your API keys periodically in HashKey - delete any you don't recognize
- Rotate API keys every 90 days as a security habit
- Monitor trade history on HashKey for any unauthorized activity
- Keep your HashKey account verification current
Security Note: Even with all these precautions, the most important protection is never enabling withdrawal permission. Without this permission, your funds cannot be moved off the exchange even if everything else is compromised.
Related Resources
- API Key Best Practices - General API key security guidance
- Security Overview - How SignalBee protects your data
- Error Codes Reference - Common error messages explained
- Binance Exchange Setup - Similar two-value API setup with same error code format