50/50 chance on "Invalid API-key, IP, or permissions for action, request ip:"

Friends,

I created a JavaScript function to do signed GET requests, and my problem is that I have approx 50% chance that it works, or it gives a "“Invalid API-key, IP, or permissions for action, request ip: 1.2.3.4”

Just on doing the identical call, from the same IP, with the same API key/secret. Just doing ‘/fapi/v1/accountConfig’ via a “test” button and randomly I got a proper answer of a 401 error.

Does anyone recognise this random behavior?

This is my code:

async function BinanceGetS(request,params) { // Execute an Signed request at Binance
// request = ‘/v5/position/list’
// params = ‘category=linear&symbol=ADAUSDT’

// Create signature
const timestamp = (await BinanceGetU(‘/fapi/v1/time’,‘’)).serverTime
if (params.length > 0) {
params = params + ‘&recvWindow=5000&timestamp=’ + timestamp
} else {
params = ‘recvWindow=5000&timestamp=’ + timestamp
}
const signature = CryptoJS.HmacSHA256(params, APIsecret).toString()
params = params + ‘&signature=’ + signature

// Create url
try {
if (params.length > 0)
url = APIurl + request + ‘?’ + params
else
url = APIurl + request
} catch(e) {
url = APIurl + request
}

// Create header
const headers = {
“X-MBX-APIKEY”: APIkey,
“Content-Type”: ‘application/json; charset=utf-8’
}

// Do the request
const output = await fetch(url, {
method: ‘GET’,
headers: headers
})
.then(r => r.json())
.then((data) => {
// Check quality of the answer
if (data.code < 0) {
console.error (“BinanceGetS ERROR”, headers, data)
return “error”
} else {
return data
}
})
.catch(function(e) {
console.log(e)
return “error”
})

return output
}

  • API Key Permissions:
    Ensure that your API key has the necessary permissions for the actions you’re performing. Since you’re accessing /fapi/v1/accountConfig, make sure that Futures permissions are enabled for your API key.

  • IP Restrictions:
    If you’ve restricted your API key to specific IP addresses, confirm that all your requests originate from these whitelisted IPs.

  • Dynamic IPs: If your IP changes frequently (e.g., using a dynamic IP from an ISP or a VPN), consider removing IP restrictions temporarily to see if the issue persists. If it resolves the problem, you might need to implement a more stable IP solution or update the whitelist accordingly.

  • Implement Time Synchronization:
    Instead of making a separate API call to /fapi/v1/time each time, consider fetching the server time once and adjusting your system clock or calculating the offset.