Home/Guides/API Trading Guide

Complete API Trading Guide — REST, WebSocket, CCXT

What is API Trading?

API trading lets code talk directly to an exchange — placing orders, reading prices, managing positions — without touching the UI. For AI agents, this is the only viable approach.

Every major exchange exposes two types of endpoints: REST for request-response operations (place order, get balance), and WebSocket for real-time streaming (live price feeds, order book updates).

REST API — The Basics

REST calls follow a simple pattern: send a signed HTTP request, get JSON back.

import ccxt

exchange = ccxt.binance({
    "apiKey": "YOUR_KEY",
    "secret": "YOUR_SECRET",
})

# Public — no key needed
ticker = exchange.fetch_ticker("BTC/USDT")
print(ticker["last"])  # current price

# Private — needs key
balance = exchange.fetch_balance()
order = exchange.create_market_buy_order("BTC/USDT", 0.001)

WebSocket — Real-Time Data

Use WebSocket when you need live prices without polling. Polling at high frequency burns rate limits and adds latency.

import ccxt.pro as ccxtpro
import asyncio

async def watch_trades():
    exchange = ccxtpro.binance()
    while True:
        trades = await exchange.watch_trades("BTC/USDT")
        print(trades[-1])  # latest trade

asyncio.run(watch_trades())

CCXT — One Library, 100+ Exchanges

CCXT is the standard library for crypto API trading. Write your code once and switch exchanges by changing one line.

pip install ccxt

# Switch between any exchange instantly
exchange = ccxt.bybit({"apiKey": "...", "secret": "..."})
exchange = ccxt.okx({"apiKey": "...", "secret": "..."})
exchange = ccxt.hyperliquid({"privateKey": "..."})

Rate Limits — Don't Get Banned

Every exchange enforces rate limits. Exceed them and you get temporarily blocked.

  • Binance: 1200 requests/min on REST. Use WebSocket for price feeds instead of polling.
  • OKX: 60 requests/2 seconds per endpoint.
  • Bybit: 120 requests/5 seconds.
  • Hyperliquid: No hard limit published — be reasonable.

CCXT has built-in rate limiter: set enableRateLimit: True and it handles this automatically.

Authentication — How It Works

Private endpoints require HMAC-SHA256 signing. CCXT does this automatically. If calling APIs directly:

import hmac, hashlib, time

timestamp = str(int(time.time() * 1000))
message = timestamp + "GET" + "/api/v5/account/balance"
signature = hmac.new(
    secret.encode(), message.encode(), hashlib.sha256
).hexdigest()

Testnet First — Always

Every major exchange has a testnet with fake money. Use it before risking real capital.

# Binance testnet
exchange = ccxt.binance()
exchange.set_sandbox_mode(True)
# Use keys from testnet.binance.vision

# Bybit testnet
exchange = ccxt.bybit({"testnet": True})

# Kraken paper trading (built-in CLI)
kraken paper order BTC/USD buy 0.001 market

MCP — The Claude-Native Approach

If you're using Claude, MCP servers are faster to set up than raw API integration. Claude reads the tool definitions and uses them directly — no code needed.

# Add Paradex MCP (no-KYC DEX)
claude mcp add paradex

# Add CCXT MCP (100+ exchanges)
claude mcp add ccxt -- npx @ccxt/mcp-server

# Then just ask Claude:
# "Buy 0.01 BTC at market on Binance"

Security Rules

  • Never enable withdrawal permission on trading API keys
  • Always whitelist your server IP if the exchange allows it
  • Store keys in environment variables — never hardcode
  • Use a dedicated sub-account for bot trading
  • Set position size limits and stop losses before going live

Which Exchange to Start With?

See the Exchange Directory for full rankings. Quick summary:

Browse: Exchange Directory · Skills & MCP Servers · All Guides