Kraken trading bot: scoped keys, ccxt and the rate counter
Kraken is a long-running, compliance-first US exchange with one of the most mature public APIs in crypto. That makes it a solid home for a spot trading bot — but Kraken meters requests with an unusual call-rate counter that punishes bursty bots harder than a simple rate limit. This guide walks through scoped API keys, a ccxt connection, placing spot orders, and staying on the right side of that counter.
Why traders pick Kraken
- Regulatory standing — a US-registered exchange with a long uptime track record and clear fee tiers.
- Mature REST + WebSocket API — fully supported by
ccxt, so the same code patterns you learned on Binance carry over. - Deep spot books — good liquidity on BTC, ETH and SOL pairs for a bot that trades on the book, not against thin liquidity.
Prove your signal first on the backtester — Kraken is a fine venue, but no exchange rescues a strategy with no edge after fees.
Step 1 — scoped API keys
In Kraken's API settings, create a key and enable only what the bot needs: Query Funds, Query Open/Closed Orders and Create & Modify Orders. Leave Withdraw Funds permanently off.
A bot only needs to read balances and place trades. Disable withdrawals on the key, store the secret in an environment variable, and (if you have a static IP) restrict the key to it. A leaked trade-only key cannot drain your account.
Step 2 — connect with ccxt
python · kraken_connect.pyimport ccxt, os
ex = ccxt.kraken({
'apiKey': os.environ['KRAKEN_KEY'],
'secret': os.environ['KRAKEN_SECRET'],
'enableRateLimit': True, # ccxt throttles for you
})
bal = ex.fetch_balance()
print(bal['USD']['free'])
Step 3 — respect the call-rate counter
Kraken doesn't just cap requests per second — each private call adds to a counter that decays over time. Heavy calls (open orders, ledgers) add more; the counter has a ceiling, and crossing it gets you temporarily locked out. Poll sparingly and prefer WebSockets for live data.
Step 4 — place a spot order
python · kraken_order.pyif signal() == 'buy':
o = ex.create_market_buy_order('BTC/USD', 0.002)
print('filled', o['id'])
# for limit orders pass price and use create_limit_buy_order
Bound risk before you ever send an order. Run the numbers through the position calculator so a single trade risks no more than ~1% of the account.
Safe-start checklist
- Edge confirmed on the backtester after fees.
- Key: query + trade only, no withdrawals, IP-restricted.
- WebSocket for live data; light private polling.
- Tiny size first, then scale once the bot behaves for weeks.
- A drawdown kill switch that flattens and halts.
Frequently asked questions
Is Kraken good for trading bots?
Yes. Kraken is a long-established, compliance-focused US exchange with a mature REST and WebSocket API fully supported by ccxt. The main quirk is its call-rate counter, which penalizes bursty polling, so design the bot to poll sparingly and use WebSockets for live data.
Does Kraken have an API rate limit?
Yes, but it works as a decaying counter rather than a flat requests-per-second cap. Each private call adds to the counter and heavier calls add more; if you cross the ceiling you get temporarily locked out. Enable ccxt's rate limiter and avoid tight polling loops.
Can I run a Kraken bot for free?
The Kraken API itself is free; you only pay normal trading fees. ccxt is open-source, so a self-hosted Python or JavaScript bot costs nothing beyond a server. Backtest first on our free tool before risking capital.
How do I keep my Kraken API key safe?
Create the key with only Query and Trade permissions, never withdrawals, restrict it to your server's IP, and store the secret in an environment variable rather than in code. A trade-only key cannot move funds off the exchange even if leaked.