Beware of third-party mobile apps using Kraken's name or asking for your Kraken sign-in information. Such apps are form of phishing.
The API key is meant to be used as a one-time setup and not needed for daily sign-in. The app has an automatic lock screen that will use your phone's existing biometrics and password/pin to sign in.
Below are instructions on how to generate and use a key with settings tailored for the app.
1. Navigate to the API Key Management page
- Sign in to your Kraken account.
- Click on your name in the upper-right corner of the page.
- Click on "Settings" and then "API".
- Click on the "+ Generate New Key" button.
2. Generate a New Key
You only need to edit two sections. Everything else can be left as is.
- Key Description: Give the key a name you'll remember. We recommend "Kraken Pro Mobile App".
- Key Permissions: The only permissions needed for the app are described below. All the other permissions should be left unchecked.
|✓ Query funds||View your current balances|
|✓ Query ledger entries||View your balance history|
|✓ Query open orders & trades||View your current orders and margin positions|
|✓ Query closed orders & trades||View your order and margin position history|
|✓ Modify orders||Create a new order|
|✓ Cancel/close orders||Cancel an existing order|
3. View your Key
API keys consist of a public/private key pair, both of which must be provided to the Kraken Pro app.
The QR code contains BOTH the "API Key" and the "Private Key" together.
IMPORTANT: The "Private Key" and QR code should be treated the same way as your password! If they get into the wrong hands, your account can be compromised.
Also avoid copying and storing the private key outside of Kraken.com. There's no need to "back it up".
4. Scan your Key
You can now open up your Kraken Pro mobile app and scan the QR code. The QR code is the most secure and convenient way of communicating your API key and private key to the app.
If you rather not use your phone camera to scan the QR code, please be very careful with how you transfer the private key from your laptop to your phone. Emailing or messaging the private key to yourself is not secure unless it's encrypted and you are able to delete records of it.