[binance-connector-python] ClientError returns listening key even if API secret is wrong

I’ve looked into open and closed issues, without finding anything unfortunately.

When I create a new Client instance and pass a wrong API secret, response returns listening key like it was checking only API key correctness and ignoring API secret.
Why this behaviour?

from binance.websocket.spot.websocket_client import SpotWebsocketClient
from binance.spot import Spot as Client
from binance.error import ClientError

client = Client(api_key, api_secret, base_url='https://api.binance.com')
response = client.new_listen_key()

print('Receving listen key : {}'.format(response['listenKey']))
ws_client = SpotWebsocketClient(stream_url='wss://stream.binance.com:9443')

Expected behaviour and actual behaviour
ClientError should be raised also when API secret is wrong not only when API key is wrong.

Steps to reproduce
You can reproduce by yourself by simply passing a wrong API secret when creating a new Client instance.


  • binance-connector-python version = “1.18.0”
  • Python version 3.9.13
  • Windows and Linux

This is expected behavior.

new_listen_key method wraps the POST /api/v3/userDataStream API endpoint which has USER_STREAM security type. Endpoints for managing user data streams validate only the API key. They do not accept a signature parameter, the API secret key is effectively unused and ignored.