Eivind: Hi Elvind, Binance is now deleting keys without whitelisting IPs after 30 days as shown by their email:

API Key Security Protection in 2 Days Reminder

Your API Key ****** is not IP whitelisted and has been inactive for almost 30 days, it will be deleted in 2 days.

Visit API Management

To avoid this protective deletion, Binance recommends that you whitelist trusted IP address(es) for the API Key to improve your API security. Please do not disclose your API Key to anyone to avoid asset losses. Be aware that your API Key may be disclosed by authorizing it to a third-party platform.

This is an automated message, please do not reply.

Bluefate: Thanks! I searched on Binance's website and in their support documentation, but couldn't find anything that directly confirms this behaviour. I did find this (https://www.binance.com/en/support/announcement/updates-to-api-key-permission-rules-2021-07-26-11e4c2f44e7a47b9b5fc0e479c0b256f) from July 2021 that indicates some rules re. API key expiry in relation to trading permissions.

Can you confirm which permissions you have/had enabled on this particular API key?

Eivind: Sure. I made this key a long time ago maybe a year or more ago. Only "Enable Reading" is on. And IP address restrictions is "Unrestricted (Less Secure) This API key allows access from any IP address. This is not recommended."

This is my first time receiving this kind of email from Binance so it may be a new policy change or something - especially considering the recent issues with 3commas API keys leaking:

^This article says the API keys are being reviewed now in the last sentence: "Exchange API connections older than 90 days are being disabled by the company." as of November 2022.

Bluefate: do you see the same restrictions when creating a completely new set of API keys?

Eivind: Just tried making a new key, all the options are the same

Bluefate: alright. To clarify, is the API key in question that Binance is telling you they'll delete actually inactive or are you using it on CoinTracker?

I know this is a bit much to ask, but would it be possible for you to reach out to Binance support to clarify what is going on here? We will also reach out to Binance to ask through our channels, but would be good to check on both ends so to speak. Thanks in advance!

Eivind: Yes, I am actually actively using it on Cointracker so it is strange that they sent me an email. So I followed up with their support team just now.

They said "You can ignore this message, your API is secure and will not be deleted" and "It was a security mail send it to all users that dont have API key whitelisted, unfortunately, some users received even if they are using Read Only, sorry for the incovenience"

Bluefate: Thank you for reaching out to Binance, that was super helpful and confirms their policy!

As a token of our (and my personal gratitude) for doing this, I've gone ahead and added $30 worth of credits to your account. These are good towards any future tax plans.