BtcBox Exchange — Trust Score 0/10

BtcBox

CoinGecko·N/A rank·0 BTC vol 24h·N/A

Connect BtcBox

BtcBox at a Glance

Key facts about BtcBox compiled from verified market data and CoinGecko's exchange registry. These metrics help you evaluate liquidity, regulatory footprint and operational maturity before connecting a portfolio.

Trust Score: 0/10
Available in: 1 jurisdictions
Trading incentives: Not offered
CCXT integration: Supported; btcbox

Trading access & integration

BtcBox is wired into Mantapex through the CCXT integration layer, so importing balances and trade history into a read-only portfolio requires an API key and a secret that you generate inside your own BtcBox account. Because Mantapex never custodies your funds, the keys you create should be scoped to read access only — withdrawal, transfer and trading permissions are unnecessary for portfolio tracking and should remain disabled.

CCXT-compatible API key required API secret required Setup guide available

Connection metadata is read directly from Mantapex's CCXT integration manifest — credential requirements reflect what BtcBox itself exposes to read-only API consumers and may evolve as the venue updates its API.

Getting Started with BtcBox

Log In to Your BTCBOX Account

Navigate to BTCBOX and sign in with your credentials.

Access the API Key Management Section

Click on "Finance" in the top menu.
Select "Get API Key" from the dropdown.

Generate a New API Key

Fill in the required fields in the API key creation form.
Click the "Acquire" button to generate your API keys.

Securely Store Your API Credentials

After creation, your Public Key and Private Key will be displayed.
Important: The Private Key will only be displayed once. Ensure you securely save it, as it will not be shown again.

Set Permissions to Read-Only

In the API key management section, locate your newly created API key.
Click on "Edit" next to the key.
Set the authority to "Data Acquisition Authority" to restrict the key to read-only access.

LEARN MORE

Required Credentials: API Key Secret Key

Account, custody & security on BtcBox

BtcBox operates as a custodial trading venue: when you fund an account, the deposited assets are held in wallets controlled by the exchange and credited to your balance as a book-entry until you withdraw them. That trade-off — convenience and order-book liquidity in exchange for counterparty risk — is the central design choice of every centralised exchange and is what makes platform-level security so important to evaluate. Year of incorporation is not published in our index for BtcBox, so we cannot quote an exact operational tenure here — the venue's own About page is the authoritative reference.

Almost every major centralised exchange — including BtcBox — operates under some form of KYC ("Know Your Customer") and AML ("Anti-Money-Laundering") obligations imposed by the jurisdiction it serves. Jurisdictional details for BtcBox are not surfaced in our index, so consult the exchange's own Terms of Service and Help Centre for the canonical KYC matrix. Expect to provide a government-issued ID document and a recent proof-of-address at minimum; higher verification tiers may add liveness checks, source-of-funds questionnaires and accredited-investor confirmations.

For the specific case of connecting BtcBox to Mantapex, the additional hardening layer is straightforward: generate a dedicated API key for read-only portfolio sync, label it clearly (for example "Mantapex read-only sync"), disable every permission except the minimum the exchange exposes for balance and trade-history queries, and store the secret in a password manager so you can rotate it on a schedule. If BtcBox supports IP whitelisting and you connect from a stable address, restrict the key to that address. If you ever stop using Mantapex — or any other third-party dashboard — revoke the key on the exchange side rather than just deleting it from the dashboard, because the credential continues to authenticate against BtcBox's API until BtcBox itself invalidates it.

How to connect any exchange securely

Enable two-factor authentication on the exchange account itself before generating any API keys. The strongest options are hardware security keys (FIDO2 / WebAuthn devices such as YubiKey or Solo) where supported, followed by an authenticator app on a dedicated device (Aegis, Raivo, 1Password, or Google Authenticator); SMS-based 2FA is the weakest common method because of SIM-swap risk. Keep the recovery phrase or backup codes in offline cold storage rather than the same password manager you sign in with. Where the venue offers a withdrawal-address whitelist, turn it on: it shrinks the blast radius of a stolen key or hijacked session because funds can only leave to a pre-approved address after a cool-down. Pair that with anti-phishing codes, a dedicated email account, and alerts for new logins, withdrawal requests and API-key creation — most exchange-related losses originate from compromised individual accounts, not platform-wide breaches.

Security guidance on this page is generic exchange hardening that applies to every centralised crypto venue. For BtcBox's exchange-specific policies — fund-segregation model, proof-of-reserves cadence, insurance coverage and incident-response history — the canonical references are BtcBox's own Help Centre and any audit reports or attestations the venue publishes directly.

API access details for BtcBox

Connecting BtcBox as a read-only portfolio source on Mantapex relies on the credentials defined by BtcBox's own API. The matrix below mirrors exactly what the CCXT integration layer asks for — ticked rows mean the field is required to authenticate, untouched rows mean BtcBox doesn't ask for that field at all.

API key

Public identifier that pairs your read-only access with your exchange account.

API secret

Private signing string used to authenticate each request — never share it.

API passphrase

Additional passphrase set when the key is created (KuCoin, OKX-style models).

Account UID

Numeric account identifier that some venues require alongside the API key.

Sub-account ID

Used when the venue scopes API access to a specific sub-account.

A separate username distinct from email, used by a small number of CCXT-supported venues.

TOTP / 2FA secret

Time-based one-time-password seed for endpoints that demand a fresh 2FA code.

Wallet private key

Self-custody signing key — required only by DEX / on-chain integrations.

Wallet address

On-chain address tied to the private key for DEX-style integrations.

Bearer token

OAuth-style bearer token, occasionally used in place of an HMAC API key pair.

In short, BtcBox requires 2 credentials to authenticate API requests: API key and API secret. All of these are generated from inside the exchange's own dashboard — Mantapex never asks you to share your account password or to set up an API key with withdrawal permissions enabled.

When you create the key on BtcBox for use with Mantapex, restrict its permissions to read-only access (sometimes labelled "view", "read", "query" or "info"). Mantapex only needs to fetch balances, trade history and open positions. Withdrawal, trade-execution and transfer scopes should remain disabled. If BtcBox offers a granular permission model, the safest combination is: enable "Read" or "View", disable "Trade" or "Spot trade", disable "Withdraw" or "Universal Transfer", and leave any margin / futures permission switched off unless you specifically want those positions visible inside your portfolio dashboard.

Some exchanges — Binance, OKX, Bybit, Bitget, KuCoin and several Asia-Pacific venues — offer an optional IP whitelist when you create the API key. Leaving the whitelist empty lets the key authenticate from any address, which is the simplest setup for use with a cloud-hosted dashboard such as Mantapex. If BtcBox forces you to enter at least one IP and you don't have a static address, you can usually use a placeholder value the exchange recognises (for example "0.0.0.0/0" or the wildcard option) — consult BtcBox's API documentation before relying on that workaround. Either way, the credentials remain in a read-only scope and cannot be used to move funds off the venue.

Credential schema sourced directly from the CCXT integration manifest used by Mantapex. BtcBox may rotate or extend its API in the future — if the exchange asks for a credential not listed here when you create the key, you can safely ignore it for the purpose of a read-only Mantapex import.

Official resources & community for BtcBox

The links below point to first-party BtcBox properties. We track them so you can verify announcements, support channels and operator-published policies directly at the source rather than from third-party copies. External destinations open in a new tab and are marked nofollow per our resource-link policy.

BtcBox official website
btcbox.co.jp

Related exchanges & comparisons

Top exchanges by trust score

Binance

Cayman IslandsTrust 10.0/10234.6K BTC

Bybit

British Virgin IslandsTrust 10.0/1049.6K BTC

Gate.io

PanamaTrust 10.0/1047.4K BTC

Coinbase

United StatesTrust 10.0/1043.7K BTC

Coinbase

United StatesTrust 10.0/1043.7K BTC

Bitget

SeychellesTrust 10.0/1035.4K BTC

Kraken

United StatesTrust 10.0/1024.5K BTC

MEXC

SeychellesTrust 9.0/1070.2K BTC

Peer sets sourced from CoinGecko's trust-score ranking and CCXT's exchange manifest. Inclusion here is not an endorsement — it simply means Mantapex tracks the venue with current trust / volume data.

Data Disclaimer

Exchange data is sourced from third-party providers and may not reflect real-time conditions.

Your Exchange Portfolio — Free Forever

Connect read-only API keys to see balances, orders & trade history. Mix with wallets, Polymarket & Kalshi — one portfolio for everything.

Polymarket

Kalshi

50+ Chains

40+ Exchanges

DeFi

NFTs

16K+ Tokens

Read-only keys· Encrypted· No trading access