Binance CDN and API Domain List (For Network Allowlisting)
- Main Entry Domains
- API Domains
- Ticker Data Domains
- Static Resource CDNs
- Sub-Product Domains
- Auxiliary Domains
- Third-Party Analytics (Optional Allowlisting)
- Handling Wildcards
- Port Requirements
- Geographic Routing
- Additional Dependencies for Sub-Products
- Minimal Set for Corporate Allowlists
- Extended Set for Corporate Allowlists
- Risks of Domain Changes
- Special Allowlisting for API Key Users
- FAQ
- Further Reading
When company or school IT departments need to configure allowlists for Binance on their firewalls, they must know the actual domains Binance connects to. This note compiles a list for technical reference only. To download the App, go to the Binance Official Website or Binance Official App; for iPhone installation, refer to the iOS Setup Tutorial.
Main Entry Domains
| Domain | Purpose |
|---|---|
| binance.com | Main entry |
| www.binance.com | Main entry (with www) |
| binance.info | Backup entry |
| binance.bz | Asia-Pacific backup |
| accounts.binance.com | Login and registration subdomain |
These domains host the browser entries and H5 web pages.
API Domains
| Domain | Purpose |
|---|---|
| api.binance.com | Main API |
| api1.binance.com | API Backup 1 |
| api2.binance.com | API Backup 2 |
| api3.binance.com | API Backup 3 |
| api4.binance.com | API Backup 4 |
| api-gcp.binance.com | Google Cloud node |
| sapi.binance.com | Next-generation API |
| dapi.binance.com | Derivatives API |
| fapi.binance.com | Futures API |
API domains are distributed for high availability. The App will automatically connect to a reachable one.
Ticker Data Domains
| Domain | Purpose |
|---|---|
| stream.binance.com | WebSocket tickers |
| stream1.binance.com | Ticker backup |
| dstream.binance.com | Derivatives tickers |
| fstream.binance.com | Futures tickers |
Tickers use long-lived WebSocket connections, which must be kept open.
Static Resource CDNs
| Domain | Purpose |
|---|---|
| bin.bnbstatic.com | Static resource CDN |
| bnbstatic.com | Resource main domain |
| public.bnbstatic.com | Public resources |
| imgcdn.bnbstatic.com | Image CDN |
Slow loading of CDN domains directly impacts the first-screen experience.
Sub-Product Domains
| Domain | Purpose |
|---|---|
| nft.binance.com | NFT platform |
| pay.binance.com | Binance Pay |
| futures.binance.com | Futures page |
| academy.binance.com | Academy / Learning Center |
| research.binance.com | Research reports |
| launchpad.binance.com | Launchpad events |
| earn.binance.com | Earn products |
Allowlist these as needed.
Auxiliary Domains
| Domain | Purpose |
|---|---|
| s3.tradingview.com | TradingView candlestick rendering |
| charting-library.tradingview.com | Ditto |
| static.tradingview.com | Ditto |
Charts on the Binance trading page are fetched from TradingView's CDNs and must be allowlisted.
Third-Party Analytics (Optional Allowlisting)
| Domain | Purpose |
|---|---|
| google-analytics.com | Traffic analytics |
| googletagmanager.com | Tag management |
| sentry.io | Error monitoring |
These are embedded analytics SDKs within the App. In security-sensitive environments, you can choose not to allowlist them (core functions won't be affected).
Handling Wildcards
If your firewall supports wildcards:
- *.binance.com (Covers all binance.com subdomains)
- *.bnbstatic.com (Covers all static resources)
These two wildcards are sufficient for daily use.
Port Requirements
The Binance App and web pages primarily use:
| Protocol | Port |
|---|---|
| HTTPS | 443 |
| WebSocket Secure | 443 (Same as HTTPS) |
| HTTP/3 (QUIC) | 443 UDP |
As long as both 443 TCP and UDP are open, you are good to go. Binance does not use other ports (like 80 or 8080).
Geographic Routing
Binance's domains return different IPs via intelligent DNS resolution:
- Mainland China → Hong Kong / Singapore nodes
- North America → North American nodes
- Europe → European nodes
Configuring an IP allowlist on the firewall is nearly impossible (the IP ranges are vast and dynamic); you must allowlist by domain names.
Additional Dependencies for Sub-Products
Sub-products like NFT and Pay require additional connections:
- Blockchain RPC nodes (various public chains)
- IPFS gateways (NFT metadata)
- Third-party payment gateways (Pay)
These typically do not appear in corporate allowlists, but NFT users might need them.
Minimal Set for Corporate Allowlists
If you only want to allow employees to occasionally check tickers and make basic trades:
- *.binance.com
- *.bnbstatic.com
- *.tradingview.com (Charts)
These three rules are enough.
Extended Set for Corporate Allowlists
To allow full functionality:
- *.binance.com
- *.bnbstatic.com
- *.tradingview.com
- Blockchain RPC nodes (depending on the product)
Risks of Domain Changes
Binance occasionally adds new domains (e.g., when new products launch). If your allowlist is strict:
- New features might be unusable.
- Symptoms manifest as "page load errors".
- Inspecting the Network panel will reveal exactly which domain was blocked.
Update your allowlists regularly.
Special Allowlisting for API Key Users
If you are running quantitative strategies, you will need:
- api.binance.com (Base API)
- stream.binance.com (Ticker WebSocket)
- Or fapi.binance.com / dapi.binance.com (Futures/Derivatives)
Just the first two are enough to run spot trading strategies.
FAQ
Q: Is it compliant to allowlist all Binance domains? A: This depends entirely on corporate policies. Technically, it is perfectly viable.
*Q: Does the wildcard .binance.com cover sub-products? A: Yes. All subdomains ending in .binance.com are covered.
Q: Can the firewall identify traffic based on SNI? A: Yes. The target domain is exposed via SNI during the HTTPS handshake.
Q: Are the subdomains used by the App identical to the web ones? A: The API domains are identical, but the App's embedded resource CDN domains might be further segmented.