◈ ⌂ exchanges · Intermediate
Binance Subaccount Permissions: Complete Setup Guide
Master Binance subaccount permissions to isolate risk, delegate API access, and manage multiple trading strategies safely across spot, futures, and margin.
◈ Contents
- → What Are Binance Subaccounts?
- → Breaking Down Subaccount Permission Types
- → Configuring API Keys Inside a Subaccount
- → Fund Transfers and Isolation Strategy
- → Security Best Practices for Subaccount Permissions
- → Monitoring Subaccounts and Catching Issues Early
- → Frequently Asked Questions
- → Putting It Together
Running multiple trading strategies from a single Binance account is a recipe for chaos. One rogue bot bleeds into your spot holdings, a margin call wipes positions you didn't intend to close, and your API keys have access to everything whether you like it or not. Binance subaccounts solve this — but only if you configure the permissions correctly. Whether you're a solo trader running three different strategies or a small fund delegating access to team members, understanding exactly what each permission toggle does is the difference between clean execution and an expensive mistake.
What Are Binance Subaccounts?
Binance subaccounts are separate trading accounts that live under a single master account. They share the same KYC verification but operate with independent balances, API keys, and trading permissions. The master account controls fund transfers between subaccounts and sets the permission boundaries for each one. Think of the master as a parent company and each subaccount as a separate department with its own budget and access card.
Binance offers subaccounts to verified users, with the number of subaccounts scaling based on your trading volume tier. Spot, margin, futures (both USDⓈ-M and COIN-M), and options accounts can each exist independently within a subaccount. This granular structure is something platforms like Bybit and OKX also offer, but Binance's implementation gives particularly fine-grained control over what each subaccount can and cannot do.
Subaccounts are not available to all users by default. You need to contact Binance support or meet volume requirements to unlock the feature. Institutional and VIP users typically get access faster.
Breaking Down Subaccount Permission Types
Every Binance subaccount has two layers of permissions: account-level permissions that determine what markets the subaccount can access, and API-level permissions that control what an API key created inside that subaccount can do. Conflating these two layers is where most traders get into trouble.
At the account level, the master account can enable or disable: spot and margin trading, USDⓈ-M futures, COIN-M futures, European options, and leveraged token trading. Disabling futures at the account level means no API key generated in that subaccount can touch futures — regardless of what permissions you grant the key itself. This is your first line of defense.
| Permission Layer | Set By | Controls | Can Be Overridden? |
|---|---|---|---|
| Account-level market access | Master account | Which markets subaccount can trade | No — hard ceiling |
| API key — Read | Subaccount | View balances, orders, history | N/A |
| API key — Spot trading | Subaccount | Place/cancel spot & margin orders | Only within account permissions |
| API key — Futures trading | Subaccount | Place/cancel futures orders | Only if futures enabled at account level |
| API key — Withdrawals | Subaccount | Initiate withdrawals (if master allows) | Requires explicit master approval |
| API key — Transfer | Subaccount | Move funds between subaccounts | Restricted by master whitelist |
| IP restriction | Subaccount | Limits key usage to specific IPs | No override — hard block |
Configuring API Keys Inside a Subaccount
Each subaccount can generate its own API keys independently from the master account. This is the feature that makes subaccounts genuinely powerful for bot traders. Your scalping bot gets a key with spot trading enabled and a strict IP whitelist. Your hedging bot running futures gets a separate key in a separate subaccount with only USDⓈ-M futures permissions. Neither key can touch the other's funds.
When creating an API key inside a subaccount, you'll see five permission checkboxes: Read Info (always on), Enable Spot & Margin Trading, Enable Futures, Enable Vanilla Options, and Enable Withdrawals. The withdrawal permission is the most dangerous one — only enable it if your bot explicitly needs to move funds out, and always pair it with IP restriction. A key with withdrawal permissions and no IP whitelist is a liability regardless of how secure you think your setup is.
from binance.client import Client
# Subaccount API key — futures only, no withdrawals
client = Client(
api_key='SUBACCOUNT_API_KEY',
api_secret='SUBACCOUNT_API_SECRET'
)
# This will work — futures enabled on this subaccount key
futures_balance = client.futures_account_balance()
# This will raise an exception — spot not enabled on this key
try:
spot_balance = client.get_account()
except Exception as e:
print(f'Permission denied: {e}')
# Check subaccount permissions programmatically (master key required)
master_client = Client('MASTER_KEY', 'MASTER_SECRET')
subaccounts = master_client.get_sub_account_list()
for sub in subaccounts['subAccounts']:
print(sub['email'], sub['isFreeze'])Always test a new subaccount API key with read-only operations first. Verify you're hitting the correct account before enabling trading permissions. A misconfigured key pointed at the wrong subaccount can execute trades you didn't intend.
Fund Transfers and Isolation Strategy
The entire point of subaccounts collapses if you don't think carefully about fund flow. By default, subaccounts cannot withdraw to external addresses — all fund movement goes through the master account. This is actually a security feature, not a limitation. Your bot's subaccount getting compromised means an attacker can trade freely but cannot move funds out of Binance without hitting the master account's withdrawal controls.
Transfers between subaccounts happen via the master account's transfer interface, or programmatically through the master API key using the sub-account transfer endpoints. You can also enable managed subaccounts where the master can deposit and withdraw from subaccounts but the subaccount itself cannot initiate outgoing transfers. This setup is popular with copy trading operations and small fund managers.
For strategy isolation, a clean setup looks like this: master account holds the reserve capital. Each strategy gets funded subaccount with exactly its risk allocation — nothing more. If a strategy goes to zero, it goes to zero in isolation. The master account and other subaccounts are untouched. Compare this to OKX's subaccount model, which works similarly but requires manual portfolio margin configuration if you want cross-margining between subaccounts.
| Feature | Binance | Bybit | OKX |
|---|---|---|---|
| Subaccount withdrawals blocked by default | Yes | Yes | Yes |
| Master-controlled fund transfers | Yes | Yes | Yes |
| Subaccount-initiated internal transfer | Configurable | No | Configurable |
| Cross-subaccount margin sharing | No (isolated) | No (isolated) | Yes (portfolio margin) |
| API key per subaccount | Yes | Yes | Yes |
| IP whitelist on subaccount keys | Yes | Yes | Yes |
| Number of subaccounts (standard) | Up to 200 | Up to 20 | Up to 100 |
Security Best Practices for Subaccount Permissions
The most common mistake traders make is treating subaccount API keys with the same carelessness as read-only keys. A subaccount key with trading permissions is a live weapon pointed at real money. Three rules that should be non-negotiable: IP whitelisting on every key that has trading or withdrawal permissions, minimum necessary permissions for each key, and regular key rotation.
- Always enable IP restriction on keys with trading permissions — lock them to your server's static IP
- Never enable withdrawals on a key unless your bot architecture explicitly requires it
- Use read-only keys for monitoring dashboards and analytics — never reuse a trading key
- Set up Binance's anti-phishing code and confirm it appears in all account emails
- Review active API keys monthly — delete anything that isn't actively in use
- Use a hardware security key (YubiKey) for 2FA on the master account, not SMS
- Monitor subaccount activity via VoiceOfChain or similar platforms to catch unusual order patterns early
- Never store API keys in code repositories — use environment variables or a secrets manager
For teams or fund managers, the master account should be treated as a privileged system account — used only for transfers and permission management, never for active trading. Create a separate subaccount for any manual trading the master account holder wants to do personally. This keeps the audit trail clean and prevents accidental master-level actions during fast market conditions.
| Use Case | Spot Trading | Futures | Withdrawals | IP Restriction | Notes |
|---|---|---|---|---|---|
| Spot DCA bot | Yes | No | No | Required | Lock to bot server IP |
| Futures scalping bot | No | Yes | No | Required | Subaccount futures only |
| Portfolio monitor / analytics | No | No | No | Recommended | Read-only, no IP needed technically but still good practice |
| Copy trading subaccount | Yes | Yes | No | Recommended | Managed by master transfers |
| Team member access | Yes | Depends | No | Required | Use managed subaccount model |
| Arbitrage bot (multi-exchange) | Yes | No | Yes | Required | Withdrawal to whitelisted address only |
Monitoring Subaccounts and Catching Issues Early
Subaccounts with active API keys need active monitoring. A bot can misbehave silently — accumulating a losing position, churning through fees, or stalling entirely. Binance's built-in dashboard gives you a consolidated view of subaccount balances, but it doesn't alert you to unusual behavior. That's where external signal monitoring becomes valuable.
VoiceOfChain provides real-time order flow signals that can help you contextualize whether your bot's trades are aligned with broader market activity. If your subaccount is running a momentum strategy and VoiceOfChain's signals show a sharp divergence in buy/sell pressure, that's a signal worth acting on — not just leaving to the bot. Treating signal platforms as a complement to automated trading, rather than a replacement for oversight, is the professional approach.
For programmatic monitoring, the master account API can pull consolidated subaccount balance snapshots, trade history per subaccount, and transfer logs. Build a simple daily reconciliation script that compares expected balances against actual balances. Any discrepancy over a threshold triggers an alert. This catches everything from bugs in your bot logic to unauthorized trades if a key is compromised.
import requests
import hmac
import hashlib
import time
def get_subaccount_balances(master_key, master_secret):
"""Pull all subaccount spot balances via master account."""
base_url = 'https://api.binance.com'
endpoint = '/sapi/v1/sub-account/spotSummary'
timestamp = int(time.time() * 1000)
params = f'timestamp={timestamp}'
signature = hmac.new(
master_secret.encode(),
params.encode(),
hashlib.sha256
).hexdigest()
headers = {'X-MBX-APIKEY': master_key}
url = f'{base_url}{endpoint}?{params}&signature={signature}'
response = requests.get(url, headers=headers)
data = response.json()
for sub in data.get('subAccounts', []):
print(f"Email: {sub['email']} | BTC value: {sub['totalAssetOfBtc']}")
return data
# Run daily reconciliation
balances = get_subaccount_balances('YOUR_MASTER_KEY', 'YOUR_MASTER_SECRET')Frequently Asked Questions
Can a Binance subaccount withdraw funds to an external wallet?
By default, subaccounts cannot withdraw to external addresses. Withdrawals must go through the master account, which acts as a gatekeeper. You can enable withdrawal permissions on a subaccount API key, but this only allows transfers to pre-whitelisted addresses that the master account has approved. This design significantly limits the damage if a subaccount API key is compromised.
How many subaccounts can I create on Binance?
Standard verified users can create up to 200 subaccounts, though this limit may vary based on your account tier and region. Institutional clients may have higher limits arranged through Binance's institutional desk. Compare this to Bybit, which caps standard users at 20, making Binance notably more flexible for complex multi-strategy setups.
Do subaccount API keys share rate limits with the master account?
No — each subaccount has its own independent rate limit bucket. This is one of the key operational advantages of subaccounts over a single account with multiple API keys. A bot hammering the API in one subaccount won't throttle requests from another subaccount or the master account.
Can I trade futures in a Binance subaccount?
Yes, but futures must be explicitly enabled at both the account level (by the master account) and the API key level (within the subaccount). If the master account hasn't enabled futures for that subaccount, creating an API key with futures permissions does nothing — the market access restriction takes precedence. Always verify both layers are configured correctly before deploying a futures bot.
Is there a fee difference when trading from a subaccount versus the master account?
Subaccounts inherit the master account's VIP fee tier, so your volume discounts apply across all subaccounts. However, volume from subaccounts may or may not count toward the master account's tier calculation depending on whether you've set up consolidated volume tracking — check Binance's current VIP program terms, as this has changed over time.
How do I revoke API access for a subaccount if a key is compromised?
Log into the subaccount directly (or via master account management) and navigate to API Management — you can delete any key immediately. As a secondary measure, the master account can freeze the entire subaccount instantly, which halts all trading and API activity for that subaccount while you investigate. Freezing is reversible; deleting a key is not, so freeze first if you're uncertain.
Putting It Together
Binance subaccount permissions aren't particularly complex once you understand the two-layer model: master account controls market access, subaccount controls API key granularity. The discipline is in actually using the system correctly — funding subaccounts with isolated capital, locking API keys to specific IPs, granting minimum necessary permissions, and monitoring activity consistently.
Platforms like Bybit and OKX offer similar subaccount architectures, and the conceptual approach transfers. But Binance's 200-subaccount ceiling and deep API coverage make it the most practical choice for traders running multiple automated strategies simultaneously. Pair that infrastructure with real-time signal monitoring from tools like VoiceOfChain, and you have a setup that's both operationally clean and informed by live market data.
The cost of misconfigured permissions is real — whether that's a compromised key with unnecessary withdrawal access or a futures bot accidentally hitting your spot balance. Spending an hour getting the configuration right the first time is orders of magnitude cheaper than the alternative.