Skip to content
Guide

How to connect a trading bot to Kraken safely

The safe way to connect any trading bot to Kraken is with an API key that can read your balances and place trades, but cannot withdraw funds. Enable query and trade permissions only, leave withdrawal off, and keep the key encrypted. Do that and the bot can trade for you while your money stays locked in your own account.

Last updated June 2026

The one rule that matters most

Before any of the steps, internalize the rule that makes the whole thing safe: never grant withdrawal permission to a trading bot. An API key is not your password; it is a limited set of permissions you choose. If withdrawal is off, no bot, and no attacker who somehow got the key, can move your funds off Kraken.

Which permissions to enable

In Kraken's API key settings, a trading bot needs exactly these and nothing more:

  • Query Funds: lets the bot read your balances.
  • Query Open Orders & Trades, and Query Closed Orders & Trades: lets it see order status.
  • Create & Modify Orders: lets it place and cancel trades.
  • Withdraw Funds: leave this OFF, always.

The principle is least privilege: grant the minimum permissions the tool needs to do its job, and nothing else.

Step by step

The general flow on Kraken is:

  • Sign in to Kraken and open Settings, then the API section.
  • Create a new API key dedicated to this bot (do not reuse one).
  • Enable the query and order permissions above; leave withdrawal unchecked.
  • If the tool runs from a fixed IP, add it to the key's IP restriction field.
  • Copy the API key and private key, then paste them into the tool over HTTPS.
  • Store nothing in plain text, and delete the key in Kraken if you stop using the tool.

Kraken's own API Key Security guidance recommends the same: minimal permissions, no unnecessary withdrawal access, and IP restrictions where possible.

How Sentari handles this

Sentari only ever uses trade-level access, never withdrawal, and encrypts your keys on the server rather than in your browser. It is non-custodial, so even Sentari cannot move your funds; your money stays in your Kraken account, and you can pause or disconnect at any time. For the broader safety picture, see is automated crypto trading safe?

Frequently asked questions

What Kraken API permissions does a trading bot need?
A trading bot needs to read balances and to place and cancel orders. On Kraken that means enabling Query Funds and the order permissions (Query and Modify Orders). It does not need, and should never be given, withdrawal permission.
Should I give a trading bot withdrawal access on Kraken?
No. Never enable withdrawal permission for a trading bot. Without it, the bot can trade on your behalf but can never move funds out of your account, which is the single most important safety control.
Is it safe to connect a bot to Kraken with an API key?
Yes, when the key has trade access only, no withdrawal permission, and is stored securely. Your funds remain in your own Kraken account; the bot only sends trade instructions. Adding an IP restriction and using minimal permissions further reduces risk.
How does Sentari protect my Kraken API keys?
Sentari encrypts your keys on the server, never in the browser, and only ever uses trade-level access. It is non-custodial, so your funds stay in your Kraken account and Sentari cannot withdraw them.
Can I revoke a Kraken API key later?
Yes. You can delete or regenerate an API key in your Kraken settings at any time, which immediately cuts off the connected tool. Rotating keys periodically is good practice.

Sentari provides software and information, not financial advice. Crypto trading involves risk, including the loss of capital. Past performance is not a guarantee of future results.