◈ ⌘ api · Intermediate
Kraken Futures API Authentication: Complete Setup Guide
Learn how to authenticate with Kraken Futures API, manage API keys, understand fees, and build trading bots with working Python code examples.
◈ Contents
Setting up Kraken Futures API authentication is one of those things that looks intimidating until you actually do it once. The signature scheme is HMAC-SHA512 — more involved than what you'd see on Binance or Bybit, but once you understand the pattern, it clicks fast. This guide walks through the full setup: generating keys, building authenticated requests, handling errors, and checking exchange status programmatically.
What Is an API Key on Kraken and Why It Matters
An API key on Kraken is a credential pair — a public key and a private key — that lets your code act on your behalf without exposing your account password. The public key identifies who you are; the private key signs each request to prove it came from you. Kraken Futures uses a separate API infrastructure from Kraken Spot, so even if you already have Spot API keys, you need to generate new ones specifically for the futures environment at futures.kraken.com.
The distinction matters more than it seems. Platforms like Bybit and OKX give you a single unified API key that covers both spot and derivatives. Kraken keeps them isolated. This is actually safer — a compromised futures key can't drain your spot wallet — but it does mean more key management overhead if you're running multiple strategies.
- Log into futures.kraken.com (not the main kraken.com portal)
- Navigate to Settings → API Keys
- Create a new key and assign only the permissions your bot needs
- Store the private key immediately — Kraken shows it once
- Never commit API keys to git — use environment variables or a secrets manager
Kraken's private key is shown only once at creation time. If you lose it, you must revoke the key and generate a new one. Screenshot it into a password manager the moment it appears.
How Kraken Futures API Authentication Works
Kraken Futures uses a challenge-based HMAC-SHA512 signature scheme. Every authenticated request requires you to sign a message constructed from the endpoint path, a nonce, and the POST body. The nonce must be strictly increasing — most implementations use a millisecond timestamp. The signature is then Base64-encoded and passed as an HTTP header alongside your public API key.
The signing flow is: concatenate the POST body with the nonce and the endpoint path, hash that string with SHA-256, then HMAC-sign the hash using your private key decoded from Base64, and finally Base64-encode the resulting HMAC digest. It sounds like a lot, but once you wrap it in a helper function you never think about it again.
import hashlib
import hmac
import base64
import time
import urllib.parse
import requests
API_KEY = "your_public_api_key"
API_SECRET = "your_private_api_key" # Base64-encoded
def sign_request(endpoint: str, post_data: str, nonce: str) -> str:
"""
Generate HMAC-SHA512 signature for Kraken Futures API.
endpoint: e.g. '/derivatives/api/v3/sendorder'
"""
message = post_data + nonce + endpoint
sha256_hash = hashlib.sha256(message.encode('utf-8')).digest()
secret_bytes = base64.b64decode(API_SECRET)
signature = hmac.new(secret_bytes, sha256_hash, hashlib.sha512).digest()
return base64.b64encode(signature).decode('utf-8')
def get_nonce() -> str:
return str(int(time.time() * 1000))
def authenticated_request(endpoint: str, params: dict) -> dict:
nonce = get_nonce()
post_data = urllib.parse.urlencode(params)
signature = sign_request(endpoint, post_data, nonce)
headers = {
"APIKey": API_KEY,
"Nonce": nonce,
"Authent": signature,
"Content-Type": "application/x-www-form-urlencoded"
}
base_url = "https://futures.kraken.com"
response = requests.post(base_url + endpoint, headers=headers, data=post_data)
response.raise_for_status()
return response.json()
Placing Orders and Reading Account State
With authentication working, the most common operations are fetching your account balances, placing orders, and reading open positions. Kraken Futures exposes these through a clean REST API at futures.kraken.com/derivatives/api/v3. The account endpoint gives you margin balances across all collateral currencies; the sendorder endpoint handles both market and limit orders.
# Fetch account balances
def get_account_balances() -> dict:
endpoint = "/derivatives/api/v3/accounts"
return authenticated_request(endpoint, {})
# Place a limit order on BTC perpetual
def place_limit_order(
symbol: str,
side: str, # 'buy' or 'sell'
size: float,
limit_price: float
) -> dict:
endpoint = "/derivatives/api/v3/sendorder"
params = {
"orderType": "lmt",
"symbol": symbol, # e.g. 'PI_XBTUSD'
"side": side,
"size": size,
"limitPrice": limit_price
}
return authenticated_request(endpoint, params)
# Example usage
if __name__ == "__main__":
balances = get_account_balances()
print("Account balances:", balances.get("accounts", {}))
order_result = place_limit_order(
symbol="PI_XBTUSD",
side="buy",
size=1,
limit_price=60000.0
)
print("Order result:", order_result)
# Expected: {"result": "success", "sendStatus": {"status": "placed", "order_id": "..."} }
One thing that trips people up: Kraken Futures uses its own symbol naming convention. BTC perpetual is PI_XBTUSD, ETH perpetual is PI_ETHUSD. Compare this to Binance where BTC perpetual is BTCUSDT and on OKX it's BTC-USDT-SWAP. Always check the instrument list endpoint before hardcoding symbols — it returns all active contracts with their exact names.
Checking Kraken Futures Status and Handling Errors
Before your bot makes any live trade, it should check whether the exchange is operational. Kraken publishes a public status endpoint that requires no authentication. Kraken futures status changes — from online to cancel_only during high volatility, for example — can invalidate your entire strategy in seconds. Poll this before the trading session starts and ideally monitor it in a background thread.
import requests
from enum import Enum
class ExchangeStatus(Enum):
ONLINE = "online"
CANCEL_ONLY = "cancel_only"
POST_ONLY = "post_only"
LIMIT_ONLY = "limit_only"
OFFLINE = "offline"
def get_exchange_status() -> dict:
"""Public endpoint — no auth required."""
url = "https://futures.kraken.com/derivatives/api/v3/instruments"
response = requests.get(url, timeout=5)
response.raise_for_status()
data = response.json()
# Extract status per instrument
statuses = {}
for instrument in data.get("instruments", []):
symbol = instrument.get("symbol")
status = instrument.get("tradeable", False)
statuses[symbol] = "online" if status else "offline"
return statuses
def safe_trade_check(symbol: str) -> bool:
"""Return True only if symbol is actively tradeable."""
try:
statuses = get_exchange_status()
return statuses.get(symbol) == "online"
except requests.RequestException as e:
print(f"Status check failed: {e}")
return False # Fail safe — don't trade if we can't verify
# Error handling for authenticated requests
def handle_api_error(response_json: dict) -> None:
result = response_json.get("result")
if result != "success":
error = response_json.get("error", "unknown error")
raise ValueError(f"Kraken API error: {error}")
Robust error handling separates hobby scripts from production bots. Kraken's API returns a result field set to either 'success' or 'error', with a separate error field explaining what went wrong. Common errors include 'apiLimitExceeded' (you're hitting rate limits), 'authenticationError' (bad signature, usually a nonce issue), and 'insufficientAvailableFunds'. Handle each category differently: rate limit errors should trigger a backoff, auth errors should alert you immediately, and insufficient funds should halt the strategy.
Kraken Futures Fees: What Your Bot Pays Per Trade
Kraken futures fees use a maker-taker model. As of 2025, taker fees on the perpetual contracts run at 0.05% and maker fees sit at 0.02% — meaning limit orders that add liquidity get a discount versus market orders that take it. For a bot placing thousands of orders, this difference compounds significantly. Strategies that run primarily on limit orders on Kraken are materially more cost-efficient than the same logic running as market orders on Binance or Bitget.
| 30-Day Volume (USD) | Maker Fee | Taker Fee |
|---|---|---|
| < $1M | 0.02% | 0.05% |
| $1M – $5M | 0.015% | 0.04% |
| $5M – $10M | 0.01% | 0.035% |
| $10M – $50M | 0.005% | 0.03% |
| > $50M | 0.00% | 0.025% |
Funding rates are a separate cost layer on perpetuals — paid every 4 hours on Kraken. Your bot should fetch the current funding rate before entering a large position, especially if you intend to hold overnight. Platforms like OKX and Bybit fund every 8 hours, so Kraken's 4-hour cycle means 2x the funding exposure for the same holding period. Factor this into your backtests or your live P&L will look puzzlingly worse than expected.
For real-time signal context alongside your Kraken bot — order flow imbalance, large trade alerts, funding rate spikes — VoiceOfChain aggregates live data across exchanges and surfaces actionable signals directly to your dashboard or Telegram.
Frequently Asked Questions
What is an API key on Kraken and how is it different from a password?
An API key is a credential pair (public + private key) that grants programmatic access to your account without sharing your login password. You can create multiple keys with different permission levels — for example, a read-only key for monitoring and a trading key for your bot — and revoke any of them independently if compromised.
Why does my Kraken Futures API authentication keep failing?
The most common cause is a stale or out-of-order nonce — your nonce must be strictly increasing with each request, and millisecond timestamps are the standard approach. Also verify you're using the Futures API keys (from futures.kraken.com), not your Spot keys, and that you're Base64-decoding the private key before using it in the HMAC computation.
How do I check Kraken Futures status before my bot starts trading?
Hit the public /derivatives/api/v3/instruments endpoint — it requires no authentication and returns the current tradeable state for every contract. Your bot should check this at startup and treat any non-'tradeable' status as a signal to halt, since Kraken can switch instruments to cancel-only mode during extreme volatility.
Are Kraken Futures fees competitive compared to Binance or OKX?
At the base tier, Kraken's 0.05% taker fee is on par with Binance Futures (0.05%) and slightly higher than OKX (0.02–0.05% depending on tier). However, Kraken's maker fee of 0.02% is comparable. The real advantage for systematic traders is Kraken's fee tier structure, which rewards high-volume market makers with zero maker fees above $50M monthly volume.
Can I use one Kraken API key for both spot and futures trading?
No — Kraken Spot and Kraken Futures are separate platforms with separate API key systems. You must generate futures-specific keys at futures.kraken.com. This isolation is a security feature: a compromised futures key has no access to your spot wallet.
What permissions should I enable when creating a Kraken Futures API key?
Enable only what your bot actually needs. For a trading bot: 'trade' permission for placing and cancelling orders, plus 'query' for reading balances and positions. Avoid enabling 'withdraw' unless absolutely necessary — if the key is ever compromised, this limits the damage to trading losses rather than fund theft.
Putting It All Together
Kraken Futures API authentication has a steeper initial curve than what you'd encounter setting up on Binance or Gate.io, but the underlying logic is sound and the implementation becomes muscle memory quickly. The HMAC-SHA512 signature scheme, once wrapped in a reusable helper, stops being something you think about. What matters after that is the trading logic itself — and on that front Kraken gives you solid infrastructure: low latency WebSocket feeds, a clean REST API for order management, and fee tiers that reward active traders.
Build defensively: check exchange status before each session, handle authentication errors with immediate alerts, and respect the nonce discipline that the API demands. Pair your execution layer with a signal source — whether that's your own indicators or an aggregator like VoiceOfChain that monitors order flow and large trades across exchanges in real time — and you have the foundation of a production-grade automated trading system.