ANY /binance/* Proxy requests to Binance API with automatic HMAC-SHA256 signing, per-order limits, daily volume caps, and endpoint restrictions. Designed for safe AI agent trading.
Authentication Does not require session authentication. Uses Binance API key and secret from the credential vault.
The proxy does not use session tokens. Configure your Binance API key and secret in the Fishnet credential vault. The proxy will automatically sign requests with HMAC-SHA256.
GET /binance/api/v3/ticker/price?symbol=BTCUSDT GET /binance/api/v3/klines?symbol=BTCUSDT&interval=1m POST /binance/api/v3/order DELETE /binance/api/v3/openOrders?symbol=BTCUSDT # Must start with /api or /sapi
The path after /binance is forwarded to the Binance API (default: https://api.binance.com).
Allowed Endpoints Read-only (no credentials)
GET /api/v3/ticker/* - Price tickersGET /api/v3/klines - Candlestick data
POST /api/v3/order - Place order (subject to limits)DELETE /api/v3/openOrders - Cancel all open orders (requires allow_delete_open_orders) Hard-blocked (always denied)
POST /sapi/v1/capital/withdraw/* - Withdrawals are permanently blocked All other endpoints are denied by default for security. Only market data and order placement are allowed.
Order Limits Fishnet enforces strict limits on order placement:
binance.max_order_value_usd
Maximum USD value per order. 0 = no limit. Enforced before sending to Binance.
binance.daily_volume_cap_usd
Maximum total USD volume per day (UTC). 0 = no limit. Uses global lock to prevent race conditions.
binance.allow_delete_open_orders
Allow DELETE /api/v3/openOrders (cancel all orders). Disabled by default for safety.
Supported Trading Pairs Only USD-quoted pairs are supported for value calculation:
*USDT (Tether)*USDC (USD Coin)*BUSD (Binance USD)*FDUSD (First Digital USD)
Orders for non-USD pairs (e.g., BTCETH) will be rejected.
Request Signing For non-read-only endpoints, Fishnet automatically:
Adds timestamp parameter (current Unix timestamp in milliseconds)
Adds recvWindow parameter (configured via binance.recv_window_ms)
Computes HMAC-SHA256 signature using your API secret
Appends signature parameter to query string
Adds X-MBX-APIKEY header with your API key
You do not need to sign requests yourself. Fishnet handles all signing automatically.
Order Value Calculation For POST /api/v3/order requests, Fishnet calculates USD value:
Quote order quantity (preferred):symbol=BTCUSDT"eOrderQty=100 # Value = $100.00
Price × quantity (for limit orders):symbol=ETHUSDC&price=2000&quantity=0.1 # Value = 2000 × 0.1 = $200.00
Market orders without price :symbol=BTCUSDT&quantity=0.01 # ERROR: missing price - use quoteOrderQty for market orders
Order values are rounded up to the nearest micro-dollar ($0.000001) for safety. This ensures agents cannot bypass limits with many tiny orders.
Examples curl (Market Data)
curl (Place Order)
Python (Trading Bot)
JavaScript
curl -X GET "http://localhost:3080/binance/api/v3/ticker/price?symbol=BTCUSDT"
Error Responses { "error" : "binance path must start with /api or /sapi" }
Invalid path format. { "error" : "missing symbol in binance order request" }
Required parameter missing from order. { "error" : "unsupported symbol for USD valuation: BTCETH. use a USD-quoted pair (USDT/USDC/BUSD/FDUSD)" }
Trading pair is not USD-quoted. { "error" : "binance proxy is disabled" }
Set binance.enabled = true in configuration. { "error" : "endpoint is hard-blocked by fishnet policy: withdrawals are disabled" }
Withdrawal endpoints are permanently blocked. { "error" : "endpoint blocked by default policy: DELETE /api/v3/openOrders" }
Set binance.allow_delete_open_orders = true to enable. { "error" : "order value $150.00 exceeds max_order_value_usd $100.00" }
Order exceeds per-order limit. { "error" : "daily binance volume cap exceeded: $950.00 + $75.00 > $1000.00" }
Order would exceed daily volume cap. { "error" : "binance endpoint is not allowed by policy" }
Endpoint is not in the allowed list. { "error" : "upstream provider is unavailable" }
Failed to connect to Binance API. Audit Log Entry Each proxied request creates an audit log entry with cost tracking:
{ "id" : 44 , "timestamp" : 1709510410000 , "intent_type" : "api_call" , "service" : "binance" , "action" : "POST /api/v3/order" , "decision" : "approved" , "reason" : null , "cost_usd" : 50.00 , "policy_version_hash" : "b2c3d4..." , "intent_hash" : "345678..." , "permit_hash" : null , "merkle_root" : "dcba98..." }
Retrieve via GET /api/audit?service=binance.
Configuration Add your Binance API credentials to the vault:
# Via Dashboard: Credentials > Add Credential # Service: binance, Name: api_key, Key: (your API key) # Service: binance, Name: api_secret, Key: (your API secret)
Or via API:
curl -X POST http://localhost:3080/api/credentials \ -H "Authorization: Bearer fn_sess_YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{"service": "binance", "name": "api_key", "key": "YOUR_API_KEY"}' curl -X POST http://localhost:3080/api/credentials \ -H "Authorization: Bearer fn_sess_YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{"service": "binance", "name": "api_secret", "key": "YOUR_API_SECRET"}'
Configure limits in fishnet.toml:
[ binance ] enabled = true max_order_value_usd = 100.0 daily_volume_cap_usd = 1000.0 allow_delete_open_orders = false recv_window_ms = 5000
Safety Features
Global order lock : Prevents race conditions when checking daily volume capRounding up : Order values rounded up to prevent micro-order bypassesHard-blocked withdrawals : Withdrawal endpoints permanently disabledUSD-only validation : Only USD-quoted pairs acceptedEndpoint allowlist : Only specific safe endpoints are permittedCredential override : Client cannot provide their own API keysAudit trail : Every request logged with cryptographic integrity