Yes โ IP whitelisting is highly recommended and considered a critical security best practice when running MagicTradeBot.
You should always whitelist the public IP address of the server or PC where MagicTradeBot is running in your exchange API key settings.
Why IP whitelisting is important
IP whitelisting ensures that only your trusted machine can use the API keys, even if the keys are accidentally leaked or exposed.
With IP whitelisting enabled:
- API keys will not work from any other IP
- Unauthorized access attempts are automatically blocked
- The risk of account compromise is drastically reduced
Without IP whitelisting:
- Anyone who obtains your API key and secret can place trades
- Your account becomes vulnerable to misuse or automated attacks
How IP whitelisting protects MagicTradeBot users
MagicTradeBot operates continuously and requires stable API access. Whitelisting:
- Prevents malicious trade execution from unknown locations
- Protects against stolen credentials
- Ensures that only your bot instance can interact with the exchange
- Adds a strong security layer without affecting bot performance
๐ Even if you use environment variables or encrypted storage, IP whitelisting adds an extra layer of defense that cannot be bypassed.
What IP address should be whitelisted?
Cloud server (VPS / dedicated server) โ Whitelist the serverโs public IPv4 address
Home or office PC โ Whitelist your current public IP (Note: residential IPs may changeโcloud servers are recommended)
Docker / containerized setup โ Whitelist the host machineโs public IP
Exchange-side configuration
All major exchanges supported by MagicTradeBot allow IP whitelisting, including:
- Binance
- Bybit
- OKX
- Bitget
- Hyperliquid
In the exchange dashboard:
- Create or edit an API key
- Enable IP restriction / whitelist
- Add your serverโs public IP
- Save and confirm changes
What happens if IP whitelisting is misconfigured?
- API calls will be rejected
- Orders will fail to place
- MagicTradeBot will log authentication or permission errors
- No trades will execute until the correct IP is whitelisted
Best-practice checklist
- โ Always whitelist your server or VPS IP
- โ Use a static IP whenever possible
- โ Disable withdrawal permissions on API keys
- โ Combine IP whitelisting with environment variables
- โ Never use unrestricted API keys in production
โ Key takeaway
IP whitelisting is one of the most effective security measures you can take when running MagicTradeBot. It protects your trading account even if credentials are compromised and is strongly recommended for all live-trading setups.
๐ Related Topics
- Where should I store exchange API keys for maximum security?
- What API permissions are required for MagicTradeBot to work?
- Why should withdrawal permissions never be enabled for bot API keys?
- Can MagicTradeBot work without storing API keys in application.yaml?
- How do environment variables override API keys in the config file?