Authenticate
Changelog
For more details on these changes, please see the Testnet documentation.
2025-05-27
This Changelog
- This is the last update to the Changelog on this page. From now on, please stay informed about changes to Spot Test Network by reading either of:
REST API & Websocket API
- Reminder that SBE 2:0 schema will be retired on 2025-05-28, 6 months after being deprecated.
- The SBE lifecycle for Testnet has been updated to reflect this change.
2025-05-21
Notice: The following changes will happen at 2025-05-21 7:00 UTC.
- The previous behavior of
recvWindowon FIX, REST, and WebSocket APIs will be augmented by an additional check.- To review, the existing behavior is:
- If
timestampis greater thanserverTime+ 1 second at receipt of the request, the request is rejected. Rejection by this check increments message limits (FIX API) and IP limits (REST and WebSocket APIs), but not Unfilled Order Count (order placement endpoints of all APIs). - If the difference between
timestampandserverTimeat receipt of the request is greater thanrecvWindow, the request is rejected. Rejection by this check increments message limits (FIX API) and IP limits (REST and WebSocket APIs) but not Unfilled Order Count (order placement endpoints of all APIs).
- If
- The additional check is:
- Just before a request is forwarded to the Matching Engine, if the difference between
timestampand the currentserverTimeis greater thanrecvWindow, the request is rejected. Rejection by this check increments message limits (FIX API), IP limits (REST and WebSocket APIs), and Unfilled Order Count (order placement endpoints of all APIs).
- Just before a request is forwarded to the Matching Engine, if the difference between
- The documentation for Timing security has been updated to reflect the additional check.
- To review, the existing behavior is:
- Fixed a bug in FIX Market Data message InstrumentList
<y>. Previously, the value ofNoRelatedSym(146)could have been incorrect.
2025-05-07
Data reset
All data on the Spot Test Network has been deleted according to the periodic reset procedure. (see F.A.Q. for more details)
See older changes
F.A.Q.
How can I use the Spot Test Network?
Step 1: Log in on this website, and generate an API Key.
Step 2: Follow the official documentation of the Spot API, replacing the URLs of the endpoints with the following values:
| Spot API URLs | Spot Test Network URLs |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Can I use the /sapi endpoints on the Spot Test Network?
No, only the /api endpoints are available on the Spot Test Network:
How to get funds in/out of the Spot Test Network?
All users registering on the Spot Test Network automatically receive a balance in many different assets. Please note that these are not real assets and can be used only on the Spot Test Network itself.
All funds on the Spot Test Network are virtual, and can not be transferred in/out of the Spot Test Network.
What are the restrictions on the Spot Test Network?
IP Limits, Order Rate Limits, Exchange Filters and Symbol Filters on the Spot Test Network are generally the same as on the Spot API.
All users are encouraged to regularly query the API to get the most up-to-date rate limits & filters, for example by doing:
curl "/v3/exchangeInfo"
All my data has disappeared! What happened?
The Spot Test Network is periodically reset to a blank state. That includes all pending and executed orders. During that reset procedure, all users automatically receive a fresh allowance of all assets.
These resets happen approximately once per month, and we do not offer prior notification for them.
Starting from August 2020, API Keys are preserved during resets. Users no longer need to re-register new API Keys after a reset.
What is the difference between GET /api/v3/klines and GET /api/v3/uiKlines?
On the Spot Test Network, these 2 endpoints always return the same data.
What are RSA API Keys?
RSA API Keys are an alternative to the typical HMAC-SHA-256 API Keys that are used to authenticate your requests on the Spot API.
Unlike HMAC-SHA-256 API Keys where we generate the secret signing key for you, with RSA API Keys, *you* generate a pair of public+private RSA keys, send us the public key, and sign your requests with your private key.
What type of RSA keys are supported?
We support RSA keys of any length from 2048 bits up to 4096 bits. We recommend 2048 bits keys as a good balance between security and signature speed.
When generating the RSA signature, use the PKCS#1 v1.5 signature scheme. This is the default when using OpenSSL. We currently do not support the PSS signature scheme.
How can I use RSA API Keys?
Step 1: Generate the private key test-prv-key.pem.
Do not share this file with anyone!
openssl genrsa -out test-prv-key.pem 2048
Step 2: Generate the public key test-pub-key.pem from the private key.
openssl rsa -in test-prv-key.pem -pubout -outform PEM -out test-pub-key.pem
The public key should look something like this:
-----BEGIN PUBLIC KEY----- bL4DUXwR3ijFSXzcecQtVFU1zVWcSQd0Meztl3DLX42l/8EALJx3LSz9YKS0PMQW MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv9ij99RAJM4JLl8Rg47b dJXMrv84WL1OK/gid4hCnxo083LYLXUpIqMmL+O6fmXAvsvkyMyT520Cw0ZNCrUk WoCjGE4JZZGF4wOkWdF37JFWbDnE/GF5mAykKj+OMaECBlZ207KleQqgVzHjKuCb hPMuBVVD3IhjBfIc7EEM438LbtayMDx4dviPWwm127jwn8qd9H3kv5JBoDfsdYMB 3k39r724CljqlAfX33GpbV2LvEkL6Da3OFk+grfN98X2pCBRz5+1N95I2cRD7o+j wtCr+65E+Gqjo4OI60F9Gq5GDcrnudnUw13a4zwlU6W+Cy8gJ4R0CcKTc4+VhYVX 5wW2tzLVnDqvjIN8hjhgtmUv8hr19Wn+42ev+5sNtO5QAS6sJMJG5D+cpxCNhei1 Xm+1zXliaA1fvVYRqon2MdHcedFeAjzVtX38+Xweytowydcq2V/9pUUNZIzUqX7t Zr3F+Ao3QOb/CuWbUBpUcbXfGv7AI1ozP8LRByyu6O8Z1dZNdkdjWVt83maUrIJH jjc7jlZY9JbH6EyYV5TenjJaupvdlx72vA7Fcgevx87seog2JALAJqZQNT+t9/tm rTUSEp3t4aINKUC1QC0CYKECAwEAAQ== -----END PUBLIC KEY-----
Step 3: Register your public key on the Spot Test Network.
During registration, we will generate an API Key for you that you will have to put in the X-MBX-APIKEY
header of your requests, exactly the same way as you would do for HMAC-SHA-256 API Keys.
Step 4: When you send a request to the Spot Test Network, sign the payload using your private key.
Here is an example Bash script to post a new order and sign the request using OpenSSL. You can adapt it to your favorite programming language:
#!/usr/bin/env bash # Set up authentication: API_KEY="put your own API Key here" PRIVATE_KEY_PATH="test-prv-key.pem" # Set up the request: API_METHOD="POST" API_CALL="api/v3/order" API_PARAMS="symbol=BTCUSDT&side=SELL&type=LIMIT&timeInForce=GTC&quantity=1&price=0.2" # Sign the request: timestamp=$(date +%s000) api_params_with_timestamp="$API_PARAMS×tamp=$timestamp" signature=$(echo -n "$api_params_with_timestamp" \ | openssl dgst -sha256 -sign "$PRIVATE_KEY_PATH" \ | openssl enc -base64 -A) # Send the request: curl -H "X-MBX-APIKEY: $API_KEY" -X "$API_METHOD" \ "https://testnet.binance.vision/$API_CALL?$api_params_with_timestamp" \ --data-urlencode "signature=$signature"
What are Ed25519 API keys?
Ed25519 API keys are an alternative to RSA API keys, using asymmetric cryptography to authenticate your requests on the Spot API.
Like RSA API keys, Ed25519 keys are asymmetric: you generate a keypair, share the public key with Binance, and use your private key to sign requests.
Why use Ed25519 instead of RSA API keys?
Ed25519 digital signature scheme provides security comparable to 3072-bit RSA keys, while having much smaller signatures that are faster to compute:
| API key type | Signature size | Signature operation |
|---|---|---|
| HMAC-SHA-256 | 64 bytes | 0.00 ms |
| Ed25519 | 88 bytes | 0.03 ms |
| RSA (2048-bit) | 344 bytes | 0.55 ms |
| RSA (4096-bit) | 684 bytes | 3.42 ms |
How can I use Ed25519 API keys?
Step 1: Generate the private key test-prv-key.pem.
Do not share this file with anyone!
openssl genpkey -algorithm ed25519 -out test-prv-key.pem
Step 2: Compute the public key test-pub-key.pem from the private key.
openssl pkey -pubout -in test-prv-key.pem -out test-pub-key.pem
The public key should look something like this:
-----BEGIN PUBLIC KEY----- MCowBQYDK2VwAyEACeCSz7VJkh3Bb+NF794hLMU8fLB9Zr+/tGMdVKCC2eo= -----END PUBLIC KEY-----
Step 3: Register your public key on the Spot Test Network.
During registration, we will generate an API key for you.
Please put it in the X-MBX-APIKEY header of your requests,
exactly the same way as with other API key types.
Step 4: When you send a request to the Spot Test Network, sign the payload using your private key.
Here is an example in Python that posts a new order signed with Ed25519 key. You can adapt it to your favorite programming language.
#!/usr/bin/env python3
import base64
import requests
import time
from cryptography.hazmat.primitives.serialization import load_pem_private_key
# Set up authentication
API_KEY='put your own API Key here'
PRIVATE_KEY_PATH='test-prv-key.pem'
# Load the private key.
# In this example the key is expected to be stored without encryption,
# but we recommend using a strong password for improved security.
with open(PRIVATE_KEY_PATH, 'rb') as f:
private_key = load_pem_private_key(data=f.read(),
password=None)
# Set up the request parameters
params = {
'symbol': 'BTCUSDT',
'side': 'SELL',
'type': 'LIMIT',
'timeInForce': 'GTC',
'quantity': '1.0000000',
'price': '0.20',
}
# Timestamp the request
timestamp = int(time.time() * 1000) # UNIX timestamp in milliseconds
params['timestamp'] = timestamp
# Sign the request
payload = '&'.join([f'{param}={value}' for param, value in params.items()])
signature = base64.b64encode(private_key.sign(payload.encode('ASCII')))
params['signature'] = signature
# Send the request
headers = {
'X-MBX-APIKEY': API_KEY,
}
response = requests.post(
'https://testnet.binance.vision/api/v3/order',
headers=headers,
data=params,
)
print(response.json())