Bitso

Gibraltar

Bitso

Gibraltar

CoinGecko Trust 8/10·#46 rank·267 BTC vol 24h·Gibraltar·Est. 2014

Bitso verbinden

Melde dich an, um deine Börse zu verbinden und dein Portfolio automatisch zu tracken

Über Bitso

Bitso is a pioneering cryptocurrency exchange, recognized as the first platform to allow trading against the Mexican peso.

With a strong emphasis on security and regulatory compliance, Bitso aims to enhance financial inclusion by providing accessible cryptocurrency services in Latin America.

Editorial summary aggregated from CoinGecko and CoinMarketCap exchange profiles for Bitso, an exchange operating since 2014.

Bitso at a Glance

Key facts about Bitso compiled from verified market data and CoinGecko's exchange registry. These metrics help you evaluate liquidity, regulatory footprint and operational maturity before connecting a portfolio.

Trust Score: 8/10; Rank #46
24h Volume (normalized): 267 BTC
Active markets: 85 pairs
Available in: 1 jurisdictions; Gibraltar
Operating since: 2014; 12 years
Trading incentives: Not offered
CCXT integration: Supported; bitso
Data source: CoinGecko exchange registry

Handelszugang & Integration

Bitso is wired into Mantapex through the CCXT integration layer, so importing balances and trade history into a read-only portfolio requires an API key and a secret that you generate inside your own Bitso account. Because Mantapex never custodies your funds, the keys you create should be scoped to read access only — withdrawal, transfer and trading permissions are unnecessary for portfolio tracking and should remain disabled. The trust score and rank shown in the Quick Facts above are sourced from CoinGecko's exchange framework, which blends reported liquidity, web traffic patterns, regulatory posture and API health into a single signal — useful when comparing Bitso to peer venues, but never a substitute for your own due diligence. The headquarters jurisdiction shown above determines the regulatory framework, KYC tier and product mix Bitso can offer a given user, and that scope can change as licensing evolves. Verify eligibility and the local terms of service on the official site before opening an account. The operating history reflected above means there is a comparatively deep public trail of incidents, audits, fee schedules and product launches you can review when sizing Bitso against newer venues.

CCXT-kompatibel API-Schlüssel erforderlich API-Secret erforderlich Einrichtungsanleitung verfügbar

Connection metadata is read directly from Mantapex's CCXT integration manifest — credential requirements reflect what Bitso itself exposes to read-only API consumers and may evolve as the venue updates its API.

Getting Started with Bitso

1. You can find your "API setup" in your "Profile" section. On the left side you'll see a bar where it says "API". Click on it.

2. First of all, it's important that you enable your 2FA token to manage both your old & new API keys.

3. Once you've enabled your 2FA token, in the main screen of "API setup" you’ll find your active keys. If you haven't created any or this is the first time you're using the platform, the box will be empty. Click on the "Add new API key" green button.

4. Before creating your API key, you'll see a message regarding the importance of your information's security. Once you’ve read it, click on the box & the green button to continue.

5. You'll then see the screen where you can create your API. You'll be asked to give a name to your key. Choose one that will help you identify it faster.

6. Up next, on the same page, you'll find a button to restrict your IP addresses and also enable the permissions you want your key to have. You can enable the “Restrict use of IP addresses” button if you wish to. You have the option of adding up to 5 IP's. You can add either 1, 5 or none.

In this section, you will also find the permissions you allow your API keys to have.

7. On the next screen, you'll be asked to enter your 2FA token to continue. Once you've entered it correctly, you'll find your API key & secret. Make sure to store them safely because. Check on the box and then click on the "Go back to API setup" green button.

8. Congratulations! You've just added your key successfully and it's ready for you to use it. You just need to enter the “API Key” and “API Secret” data in your third party application in order to give them access to your account on our platform. It is important that you know that you can create up to 6 keys.

LEARN MORE

Required Credentials: API-Schlüssel Geheimer Schlüssel

Konto, Verwahrung & Sicherheit bei Bitso

Bitso operates as a custodial trading venue: when you fund an account, the deposited assets are held in wallets controlled by the exchange and credited to your balance as a book-entry until you withdraw them. That trade-off — convenience and order-book liquidity in exchange for counterparty risk — is the central design choice of every centralised exchange and is what makes platform-level security so important to evaluate. Bitso has been running its custody and matching infrastructure since 2014, which gives it 12 years of operational track record for users to review when judging incident history, fund-recovery policy and any insurance or reserve-fund coverage.

Almost every major centralised exchange — including Bitso — operates under some form of KYC ("Know Your Customer") and AML ("Anti-Money-Laundering") obligations imposed by the jurisdiction it serves. Bitso is reported with its operating entity in Gibraltar, so its baseline KYC programme follows that jurisdiction's rules — additional verification may still be requested for higher-tier withdrawal or fiat-on-ramp limits, and access to specific products can be restricted depending on where the user resides. Expect to provide a government-issued ID document and a recent proof-of-address at minimum; higher verification tiers may add liveness checks, source-of-funds questionnaires and accredited-investor confirmations.

For the specific case of connecting Bitso to Mantapex, the additional hardening layer is straightforward: generate a dedicated API key for read-only portfolio sync, label it clearly (for example "Mantapex read-only sync"), disable every permission except the minimum the exchange exposes for balance and trade-history queries, and store the secret in a password manager so you can rotate it on a schedule. If Bitso supports IP whitelisting and you connect from a stable address, restrict the key to that address. If you ever stop using Mantapex — or any other third-party dashboard — revoke the key on the exchange side rather than just deleting it from the dashboard, because the credential continues to authenticate against Bitso's API until Bitso itself invalidates it.

So verbinden Sie jede Börse sicher

Enable two-factor authentication on the exchange account itself before generating any API keys. The strongest options are hardware security keys (FIDO2 / WebAuthn devices such as YubiKey or Solo) where supported, followed by an authenticator app on a dedicated device (Aegis, Raivo, 1Password, or Google Authenticator); SMS-based 2FA is the weakest common method because of SIM-swap risk. Keep the recovery phrase or backup codes in offline cold storage rather than the same password manager you sign in with. Where the venue offers a withdrawal-address whitelist, turn it on: it shrinks the blast radius of a stolen key or hijacked session because funds can only leave to a pre-approved address after a cool-down. Pair that with anti-phishing codes, a dedicated email account, and alerts for new logins, withdrawal requests and API-key creation — most exchange-related losses originate from compromised individual accounts, not platform-wide breaches.

Security guidance on this page is generic exchange hardening that applies to every centralised crypto venue. For Bitso's exchange-specific policies — fund-segregation model, proof-of-reserves cadence, insurance coverage and incident-response history — the canonical references are Bitso's own Help Centre and any audit reports or attestations the venue publishes directly.

API-Zugangsdaten für Bitso

Connecting Bitso as a read-only portfolio source on Mantapex relies on the credentials defined by Bitso's own API. The matrix below mirrors exactly what the CCXT integration layer asks for — ticked rows mean the field is required to authenticate, untouched rows mean Bitso doesn't ask for that field at all.

API-Schlüssel

Public identifier that pairs your read-only access with your exchange account.

API-Secret

Private signing string used to authenticate each request — never share it.

API-Passphrase

Additional passphrase set when the key is created (KuCoin, OKX-style models).

Konto-UID

Numeric account identifier that some venues require alongside the API key.

Unterkonto-ID

Used when the venue scopes API access to a specific sub-account.

Anmeldename

A separate username distinct from email, used by a small number of CCXT-supported venues.

TOTP-/2FA-Secret

Time-based one-time-password seed for endpoints that demand a fresh 2FA code.

Privater Wallet-Schlüssel

Self-custody signing key — required only by DEX / on-chain integrations.

Wallet-Adresse

On-chain address tied to the private key for DEX-style integrations.

Bearer-Token

OAuth-style bearer token, occasionally used in place of an HMAC API key pair.

In short, Bitso requires 2 credentials to authenticate API requests: API-Schlüssel and API-Secret. All of these are generated from inside the exchange's own dashboard — Mantapex never asks you to share your account password or to set up an API key with withdrawal permissions enabled.

When you create the key on Bitso for use with Mantapex, restrict its permissions to read-only access (sometimes labelled "view", "read", "query" or "info"). Mantapex only needs to fetch balances, trade history and open positions. Withdrawal, trade-execution and transfer scopes should remain disabled. If Bitso offers a granular permission model, the safest combination is: enable "Read" or "View", disable "Trade" or "Spot trade", disable "Withdraw" or "Universal Transfer", and leave any margin / futures permission switched off unless you specifically want those positions visible inside your portfolio dashboard.

Some exchanges — Binance, OKX, Bybit, Bitget, KuCoin and several Asia-Pacific venues — offer an optional IP whitelist when you create the API key. Leaving the whitelist empty lets the key authenticate from any address, which is the simplest setup for use with a cloud-hosted dashboard such as Mantapex. If Bitso forces you to enter at least one IP and you don't have a static address, you can usually use a placeholder value the exchange recognises (for example "0.0.0.0/0" or the wildcard option) — consult Bitso's API documentation before relying on that workaround. Either way, the credentials remain in a read-only scope and cannot be used to move funds off the venue.

Credential schema sourced directly from the CCXT integration manifest used by Mantapex. Bitso may rotate or extend its API in the future — if the exchange asks for a credential not listed here when you create the key, you can safely ignore it for the purpose of a read-only Mantapex import.

Offizielle Ressourcen & Community für Bitso

The links below point to first-party Bitso properties. We track them so you can verify announcements, support channels and operator-published policies directly at the source rather than from third-party copies. External destinations open in a new tab and are marked nofollow per our resource-link policy.