Binance Fiat Skill
Fiat request on Binance using authenticated API endpoints. Requires API key and secret key for certain endpoints. Return the result in JSON format.
Quick Reference
| Endpoint | Description | Required | Optional | Authentication |
|---|
| INLINECODE0� (POST) | Deposit(TRADE) | None | recvWindow | Yes |
| INLINECODE1� (POST) |
Fiat Withdraw(WITHDRAW) | None | recvWindow | Yes |
|
/sapi/v1/fiat/orders (GET) | Get Fiat Deposit/Withdraw History (USER_DATA) | transactionType | beginTime, endTime, page, rows, recvWindow | Yes |
|
/sapi/v1/fiat/payments (GET) | Get Fiat Payments History (USER_DATA) | transactionType | beginTime, endTime, page, rows, recvWindow | Yes |
|
/sapi/v1/fiat/get-order-detail (GET) | Get Order Detail(USER_DATA) | orderNo | recvWindow | Yes |
Parameters
Common Parameters
- * recvWindow: (e.g., 5000)
- transactionType: 0-buy,1-sell
- beginTime:
- endTime: (e.g., 1641782889000)
- page: default 1 (e.g., 1)
- rows: default 100, max 500 (e.g., 100)
- orderNo: order id retrieved from the api call of withdrawal
Authentication
For endpoints that require authentication, you will need to provide Binance API credentials.
Required credentials:
- * apiKey: Your Binance API key (for header)
- secretKey: Your Binance API secret (for signing)
Base URLs:
- * Mainnet: https://api.binance.com
Security
Share Credentials
Users can provide Binance API credentials in different ways. The agent will try to retrieve automatically with the two first ways the credentials, but users can also explicitly tell the agent that they have set the credentials or stored them in a .env file, and the agent should re-read that file when they do. The agent can also make http requests with the two first methods without user confirmation.
- 1. Environment variables
Search for the following specific variables only (never dump the full environment):
Authorized environment variables
- - Mainnet:
BINANCE_API_KEY and �INLINECODE7
Read and use in a single exec call so the raw key never enters the agent's context:
�CODEBLOCK0
Environment variables must be set before OpenClaw starts. They are inherited at process startup and cannot be injected into a running instance. If you need to add or update credentials without restarting, use a secrets file (see option 2).
- 2. Secrets file (.env)
Check ~/.openclaw/secrets.env , ~/.env, or a .env file in the workspace. Read individual keys with grep, never source the full file:
�CODEBLOCK1
This file can be updated at any time without restarting OpenClaw, keys are read fresh on each invocation. Users can tell you the variables are now set or stored in a .env file, and you should re-read that file when they do.
- 3. Inline file
Sending a file where the content is in the following format:
CODEBLOCK2
- * Never run
printenv, env, export, or set without a specific variable name - Never run
grep on env files without anchoring to a specific key ('^VARNAME=') - Never source a secrets file into the shell environment (
source .env or . .env) - Only read credentials explicitly needed for the current task
- Never echo or log raw credentials in output or replies
- Never commit
TOOLS.md to version control if it contains real credentials — add it to �INLINECODE22
Never Disclose API Key and Secret
Never disclose the location of the API key and secret file.
Never send the API key and secret to any website other than Mainnet and Testnet.
Never Display Full Secrets
When showing credentials to users:
- - API Key: Show first 5 + last 4 characters: �INLINECODE23
- Secret Key: Always mask, show only last 5: �INLINECODE24
Example response when asked for credentials:
Account: main
API Key: su1Qc...8akf
Secret: *...aws1
Listing Accounts
When listing accounts, show names and environment only — never keys:
Binance Accounts:
- * main (Mainnet)
- futures-keys (Mainnet)
Transactions in Mainnet
When performing transactions in mainnet, always confirm with the user before proceeding by asking them to write "CONFIRM" to proceed.
Binance Accounts
main
- - API Key: yourmainnetapikey
- Secret: yourmainnet_secret
TOOLS.md Structure
CODEBLOCK3
Agent Behavior
- 1. Credentials requested: Mask secrets (show last 5 chars only)
- Listing accounts: Show names and environment, never keys
- Account selection: Ask if ambiguous, default to main
- When doing a transaction in mainnet, confirm with user before by asking to write "CONFIRM" to proceed
- New credentials: Prompt for name, environment, signing mode
Adding New Accounts
When user provides new credentials by Inline file or message:
- * Ask for account name
- Store in
TOOLS.md with masked display confirmation
Signing Requests
For trading endpoints that require a signature:
- 1. Detect key type first, inspect the secret key format before signing.
- Build query string with all parameters, including the timestamp (Unix ms).
- Percent-encode the parameters using UTF-8 according to RFC 3986.
- Sign query string with secretKey using HMAC SHA256, RSA, or Ed25519 (depending on the account configuration).
- Append signature to query string.
- Include
X-MBX-APIKEY header.
Otherwise, do not perform steps 4–6.
User Agent Header
Include User-Agent header with the following string: �INLINECODE28
See references/authentication.md for implementation details.
Binance 法币技能
使用经过身份验证的 API 端点处理 Binance 法币请求。某些端点需要 API 密钥和密钥。以 JSON 格式返回结果。
快速参考
| 端点 | 描述 | 必填 | 可选 | 身份验证 |
|---|
| /sapi/v1/fiat/deposit (POST) | 充值(交易) | 无 | recvWindow | 是 |
| /sapi/v2/fiat/withdraw (POST) |
法币提现(提现) | 无 | recvWindow | 是 |
| /sapi/v1/fiat/orders (GET) | 获取法币充值/提现历史记录 (用户数据) | transactionType | beginTime, endTime, page, rows, recvWindow | 是 |
| /sapi/v1/fiat/payments (GET) | 获取法币支付历史记录 (用户数据) | transactionType | beginTime, endTime, page, rows, recvWindow | 是 |
| /sapi/v1/fiat/get-order-detail (GET) | 获取订单详情 (用户数据) | orderNo | recvWindow | 是 |
参数
通用参数
- * recvWindow: (例如 5000)
- transactionType: 0-买入, 1-卖出
- beginTime:
- endTime: (例如 1641782889000)
- page: 默认 1 (例如 1)
- rows: 默认 100,最大 500 (例如 100)
- orderNo: 从提现 API 调用中获取的订单 ID
身份验证
对于需要身份验证的端点,您需要提供 Binance API 凭证。
所需凭证:
- * apiKey: 您的 Binance API 密钥 (用于请求头)
- secretKey: 您的 Binance API 密钥 (用于签名)
基础 URL:
- * 主网:https://api.binance.com
安全
共享凭证
用户可以通过不同方式提供 Binance API 凭证。代理将尝试通过前两种方式自动获取凭证,但用户也可以明确告知代理他们已设置凭证或将其存储在 .env 文件中,代理应在用户告知时重新读取该文件。代理还可以使用前两种方法进行 HTTP 请求,无需用户确认。
- 1. 环境变量
仅搜索以下特定变量(切勿转储整个环境):
授权环境变量
- - 主网:BINANCEAPIKEY 和 BINANCESECRETKEY
在单个 exec 调用中读取并使用,以便原始密钥永远不会进入代理的上下文:
bash
KEY=$BINANCEAPIKEY
SECRET=$BINANCESECRETKEY
response=$(curl -s -X GET $URL \
-H X-MBX-APIKEY: $KEY \
--data-urlencode param1=value1)
echo $response
环境变量必须在 OpenClaw 启动前设置。它们在进程启动时继承,无法注入到正在运行的实例中。如果您需要在不重启的情况下添加或更新凭证,请使用密钥文件(参见选项 2)。
- 2. 密钥文件 (.env)
检查 ~/.openclaw/secrets.env、~/.env 或工作区中的 .env 文件。使用 grep 读取单个密钥,切勿引用整个文件:
bash
按顺序尝试所有凭证位置
API
KEY=$(grep ^BINANCEAPI_KEY= ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-)
SECRET
KEY=$(grep ^BINANCESECRET_KEY= ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-)
备用方案:在已知目录中搜索 .env(KEY=VALUE 格式,然后是原始行格式)
for dir in ~/.openclaw ~; do
[ -n $API_KEY ] && break
env_file=$dir/.env
[ -f $env_file ] || continue
# 读取前两行
line1=$(sed -n 1p $env_file)
line2=$(sed -n 2p $env_file)
# 检查行是否包含 = 表示 KEY=VALUE 格式
if [[ $line1 == = && $line2 == = ]]; then
APIKEY=$(grep ^BINANCEAPIKEY= $envfile 2>/dev/null | cut -d= -f2-)
SECRETKEY=$(grep ^BINANCESECRETKEY= $envfile 2>/dev/null | cut -d= -f2-)
else
# 将行视为原始值
API_KEY=$line1
SECRET_KEY=$line2
fi
done
此文件可随时更新,无需重启 OpenClaw,每次调用时都会重新读取密钥。用户可以告知您变量已设置或存储在 .env 文件中,您应在用户告知时重新读取该文件。
- 3. 内联文件
发送内容格式如下的文件:
bash
abc123...xyz
secret123...key
- * 切勿在没有特定变量名的情况下运行 printenv、env、export 或 set
- 切勿在没有锚定到特定键(^VARNAME=)的情况下对 env 文件运行 grep
- 切勿将密钥文件引用到 shell 环境中(source .env 或 . .env)
- 仅读取当前任务明确需要的凭证
- 切勿在输出或回复中回显或记录原始凭证
- 如果 TOOLS.md 包含真实凭证,切勿将其提交到版本控制——将其添加到 .gitignore
切勿泄露 API 密钥和密钥
切勿泄露 API 密钥和密钥文件的位置。
切勿将 API 密钥和密钥发送到除主网和测试网以外的任何网站。
切勿显示完整密钥
向用户显示凭证时:
- - API 密钥: 显示前 5 个 + 后 4 个字符:su1Qc...8akf
- 密钥: 始终屏蔽,仅显示后 5 个:*...aws1
被问及凭证时的示例响应:
账户:main
API 密钥:su1Qc...8akf
密钥:*...aws1
列出账户
列出账户时,仅显示名称和环境——切勿显示密钥:
Binance 账户:
- * main (主网)
- futures-keys (主网)
主网交易
在主网进行交易时,务必先通过要求用户输入 CONFIRM 来确认后再继续。
Binance 账户
main
- - API 密钥:yourmainnetapikey
- 密钥:yourmainnet_secret
TOOLS.md 结构
bash
Binance 账户
main
- - API 密钥:abc123...xyz
- 密钥:secret123...key
- 描述:主交易账户
futures-keys
- - API 密钥:futures789...def
- 密钥:futuressecret...uvw
- 描述:期货交易账户
代理行为
- 1. 请求凭证:屏蔽密钥(仅显示最后 5 个字符)
- 列出账户:显示名称和环境,绝不显示密钥
- 账户选择:如有歧义则询问,默认使用 main
- 在主网进行交易时,先通过要求用户输入 CONFIRM 来确认
- 新凭证:提示输入名称、环境、签名模式
添加新账户
当用户通过内联文件或消息提供新凭证时:
- * 询问账户名称
- 存储在 TOOLS.md 中,并显示屏蔽后的确认信息
签名请求
对于需要签名的交易端点:
- 1. 首先检测密钥类型,在签名前检查密钥格式。
- 构建包含所有参数的查询字符串,包括时间戳(Unix 毫秒)。
- 根据 RFC 3986 使用 UTF-8 对参数进行百分比编码。
- 使用 HMAC SHA256、RSA 或 Ed25519(取决于账户配置)对查询字符串进行签名。
- 将签名附加到查询字符串。
- 包含 X-MBX-APIKEY 请求头。
否则,不执行步骤 4-6。
用户代理请求头
包含 User-Agent 请求头,字符串为:binance-fiat/1.1.0 (Skill)
实现详情请参见 references/authentication.md。
