What permissions to grant β and what to keep off
The minimum scope HalalCrypto needs is Enable Reading and Enable Spot & Margin Trading. The bot uses Reading to evaluate the universe and Spot Trading to place orders. Withdrawal must stay off: HalalCrypto never moves funds off your Binance account, and a withdrawal-enabled key is a much higher risk if compromised.
The IP allowlist matters
If your country supports it, paste the IP shown in your HalalCrypto dashboard into Binance's 'Restrict access to trusted IPs only' field. The IP allowlist means a leaked key is unusable from anywhere except the HalalCrypto bot β a massive reduction in attack surface. The dashboard updates this IP if our infrastructure ever changes.
What to do if Binance asks for additional verification
Binance occasionally adds extra verification when creating API keys (face scan, ID check). Complete it. The whole API Management area is gated behind their security flow β there is no way to bypass it.
If anything fails the connection test, the dashboard tells you exactly which permission is missing.