A single MEXC account sits on top of more than 3,000 tradable assets, per the app's own listing, and behind every one of them is structured per-user state: spot wallet balances, open and historical orders, executed fills, futures positions and capital flow, plus deposit and withdrawal records. That is the material an integrator wants to sync. The fastest dependable way in is the read-only credential the account holder issues themselves, signed with HMAC SHA256 and scoped so it can never move funds.
The work here is a normalized read layer. We map MEXC's spot and futures surfaces to one schema, reconcile what the live signed endpoints return against what the account exports hold, and hand back source you can run. Below is the data, the routes we use, and what ships.
What the account holds
Each row is a real surface a MEXC account exposes to its owner, named close to how the app and its help pages name it.
| Data domain | Where it lives in MEXC | Granularity | What an integrator does with it |
|---|---|---|---|
| Spot wallet balances | Account / Funding view | Per-asset free and locked amounts, live | Portfolio valuation, reconciliation, treasury dashboards |
| Spot orders & fills | Orders > Spot Orders, Trade History | Per-order status; per-fill price, qty, fee, timestamp | PnL accounting, tax lots, execution analytics |
| Futures positions & capital flow | Futures order/position history, statement | Position size, entry, funding, realized PnL | Risk reporting, margin monitoring, derivatives accounting |
| Funding history | Wallets > Funding History | Per-deposit / per-withdrawal record with chain and txid | On/off-ramp tracking, audit trails, AML record-keeping |
| Earn positions | Fixed / Flexible Savings products | Principal, accrual, term where applicable | Yield reporting, consolidated balance views |
| Real-time fills | User data stream (listenKey) | Event-level order and balance updates | Live position sync without polling |
| Market reference | Public tickers and klines | Symbol price, depth, candles | Marking positions, charting, valuation snapshots |
Routes in
Three routes genuinely apply to MEXC. They differ in what they reach and how durable they are.
1. User-consented read-only credentials
The account holder provisions a key/secret pair scoped to read, never to trade or withdraw. We sign requests with it and read balances, order and trade history, open orders and futures surfaces directly. This is the cleanest path: it reads the owner's own data with their explicit grant, survives front-end redesigns, and gives event-level updates through the listenKey user data stream. The signed history window is short, so we pair it with route 3 for depth.
2. Authorized interface integration
For any surface a signed call does not cover, or to verify field semantics, we capture and analyze the app or web client traffic under the account holder's authorization and reproduce the request, header and token chain in code. This is documented protocol analysis for interoperability, done against a consenting account.
3. Native export backfill
MEXC lets account holders generate Excel or PDF exports for spot trades, futures history, capital flow and funding. Its help pages put the reach at roughly three years for spot, about 540 days for futures and around a year for deposits and withdrawals, with a monthly export cap. We parse these to seed history the live endpoints no longer return.
For most MEXC jobs we build on the consented read-only credential as the working surface and lean on exports purely to backfill the deep history those signed calls drop. Protocol analysis fills the rare gaps. We say which of the three we recommend per account once we see the actual scope.
What lands in your repo
Everything is tied to MEXC's real surfaces, not a generic template:
- An OpenAPI specification covering the account, order, trade, futures and funding reads we wire up, with the HMAC signing scheme documented.
- A protocol and auth-flow report: the X-MEXC-APIKEY header, the timestamp and recvWindow params, the signature derivation, and the listenKey lifecycle for the user data stream.
- Runnable source for the key endpoints in Python and Node.js, including signing, pagination across the order window, and rate-limit backoff.
- An export parser that folds Excel/PDF history into the same normalized schema.
- Automated tests against recorded fixtures, plus a normalized model so spot and futures records read uniformly.
- Interface documentation and data-retention guidance keyed to MEXC's own export limits.
A signed read
Illustrative shape of the signed balance-and-trades read, confirmed against the documented scheme during the build. Values are placeholders.
# Read-only key issued by the account holder. Never a withdrawal-enabled key.
import time, hmac, hashlib, requests
BASE = "https://api.mexc.com"
KEY, SECRET = creds() # supplied with consent at onboarding
def signed_get(path, params):
params["timestamp"] = int(time.time() * 1000)
params["recvWindow"] = 5000
q = "&".join(f"{k}={v}" for k, v in params.items())
sig = hmac.new(SECRET.encode(), q.encode(), hashlib.sha256).hexdigest()
r = requests.get(f"{BASE}{path}?{q}&signature={sig}",
headers={"X-MEXC-APIKEY": KEY}, timeout=10)
if r.status_code == 429: # rate limited -> backoff and retry
raise RateLimited(r.headers.get("Retry-After"))
r.raise_for_status()
return r.json()
balances = signed_get("/api/v3/account", {})["balances"]
fills = signed_get("/api/v3/myTrades", {"symbol": "BTCUSDT"})
# fills[i] -> price, qty, commission, commissionAsset, time, isBuyer
What we plan around
Specifics of MEXC we account for so the integration does not break in production:
- Short live history window. The signed order endpoint returns only a recent window, defaulting to about 24 hours and capping near 7 days. We design the sync to page that live window for freshness and reconstruct anything older from the consented exports, so deep history is never silently lost.
- Spot and futures are different shapes. Symbols, fee fields and position semantics diverge between the two engines. We normalize them into one model and keep the mapping explicit, so a consumer never has to know which engine a record came from.
- Export caps and async generation. Exports are rate-limited per month and generated asynchronously, sometimes delivered by email. We build the backfill to request, wait, fetch and dedupe rather than assume an instant download.
- Front-end and entity changes. Where we use interface integration, we keep a re-check step in maintenance for when the client changes; access is arranged with you during onboarding and the build runs against a consenting account.
Consent & MiCA
For a crypto exchange the dependable basis is the account holder's own authorization: the read-only key they mint, or an export they generate. That grant is what every read here rests on, and it is revocable at any time by deleting the key. We keep consent records, log access, minimize what we store, and work under NDA where required.
The regulatory backdrop is the EU's MiCA transition. MEXC was flagged by the Dutch AFM in September 2025 for serving Dutch users without a local licence, per reporting, and the platform has said pursuing a MiCA licence is a strategic priority. Because our integration reads the user's own data under their consent, it does not hinge on the platform's licence status; we keep endpoints and consent handling configurable so an EU account holder migrated to a compliant MEXC entity can be re-pointed without a rebuild. GDPR governs the personal data of EU account holders throughout.
Pricing
Source-code delivery starts at $300, invoiced only after we hand over the build and you have run it and are satisfied. You get the runnable source, the OpenAPI spec, the auth-flow report, tests and interface docs, and you host it yourself. The alternative is our hosted API: you call our endpoints for MEXC reads and pay per call, with no upfront fee, when you would rather not run the integration in-house. Either way the build cycle is one to two weeks. Tell us the scope and what you want out of the account, and we will point you at the right one — start a brief on the contact page.
Freshness
For live state, the listenKey user data stream pushes order and balance updates as they happen, so a synced view tracks fills without hammering the REST endpoints. Snapshot reads carry MEXC's documented per-second limits — tighter on order endpoints than on the rest — so the source ships with backoff and a polite request cadence. Historical backfill runs once from exports, then incremental syncs ride the live window.
Screens
App screens we reviewed while mapping the surfaces above. Select to enlarge.
Similar exchanges
Where MEXC sits among comparable platforms, useful when a job needs one normalized view across several exchanges. Names are for context only.
- Binance — large spot and futures venue; its account holds balances, orders and a deep trade history behind signed keys.
- Bybit — derivatives and copy-trading focus; positions, fills and funding sit behind an authenticated account.
- OKX — exchange plus on-chain wallet; account data spans spot, futures and DeFi-adjacent balances.
- KuCoin — wide altcoin listing; per-user orders, trades and sub-account balances behind credentials.
- Kraken — spot and futures with ledger-style records of trades and funding movements.
- Coinbase — retail-heavy account model with transaction, order and portfolio records.
- Gate.io — broad asset coverage; spot, margin and futures records per account.
- Bitget — copy-trading and futures; positions and fills behind an authenticated key.
Questions integrators ask about MEXC
Can you read MEXC futures positions, or just spot?
Both. Spot balances, open orders and trade fills come from the account and trading endpoints, while futures position history, order history and capital flow are a separate surface we map alongside the spot read so a single normalized model covers both legs.
How far back can MEXC trade history actually be pulled?
It depends on the surface. The signed order endpoint returns a short live window, so deep history is reconstructed from MEXC's own exports, which its help pages describe as roughly three years for spot trades, about 540 days for futures and around one year for deposits and withdrawals. We design the backfill around those limits.
What happens to an EU-facing MEXC integration under MiCA?
The integration reads the account holder's own data under their authorization, so it does not depend on the platform's licence status. MiCA changes which entity serves EU users and how identity checks run, so we keep the consent records and endpoints configurable and re-validate when an EU user is migrated to a compliant entity.
Do you need our MEXC login, or just keys?
Just read-only API credentials the account holder issues, or a consenting export when a surface is not on the signed API. We never ask for a password or a withdrawal-enabled key; access is arranged with you during onboarding and kept data-minimized and logged.
What we checked
Surfaces and limits were verified against MEXC's published API reference and its account-export help pages, and the regulatory note against current MiCA reporting, on 2026-06-17. Primary sources:
- MEXC Spot V3 API reference
- MEXC account data export guide
- MEXC futures export and 540-day limit
- MEXC on its MiCA licence pursuit
OpenBanking Studio integration desk · mapping reviewed 2026-06-17.
App profile
MEXC: Buy Bitcoin & Crypto (package com.mexcpro.client, per its Play Store listing) is a centralized cryptocurrency exchange operating since 2018. Its listing cites 40M+ users across 170+ countries, more than 3,000 tradable assets, spot and futures trading, fiat on-ramps, Earn savings products and the MX token, and it states figures such as 1.4 million transactions per second as platform claims. Trading covers mainstream assets like BTC, ETH, SOL and XRP through to meme and gaming tokens. This page is an independent reference for integrating that account data and is not affiliated with MEXC.