Create express withdraw token
Create a single-use Express Withdraw payment token that charges a WhiteBIT user’s balance to the partner’s Main balance instantly and off-chain via the V4 API.
Payment flow
The partner integrates one endpoint; WhiteBIT hosts everything the paying user sees.- The partner creates a payment token with the currency, the amount, and a partner-side
externalId. - The partner presents the returned
urlto the user — redirect, deep link, or QR code. - The user opens the URL while authenticated on WhiteBIT and confirms the displayed ticker and amount on the WhiteBIT-hosted confirmation surface.
- WhiteBIT debits the user’s balance and credits the partner’s Main balance in a single internal, off-chain, zero-fee transfer, then marks the token used.
expireAt in the response carries the authoritative expiry. Create the token as close as possible to the moment of presenting the URL to the user; after expiry, re-create the token with the same externalId to receive a fresh one.Notes
- For the full integration walkthrough — token lifecycle, idempotency, and limits — see the Express Withdraw section of the Payment Integration guide.
- The endpoint does not support pagination.
Authorizations
The public WhiteBIT API key.
Base64-encoded JSON request body.
HMAC-SHA512 signature of the payload, hex-encoded. Computed as hex(HMAC-SHA512(payload, api_secret)).
Body
Currency ticker to charge. Example: USDT
⚠️ The ticker must be a withdrawal-enabled cryptocurrency; the endpoint rejects fiat tickers. Use Asset Status endpoint to check the withdrawal status of a currency.
"USDT"
Partner-side reference for the payment (order or invoice identifier), unique per partner account. The identifier powers idempotency and replay protection: a pending externalId with an identical ticker and amount returns the same token; the endpoint rejects an already-paid externalId with error code 19.
"order-100294"
Request signature
"{{request}}"
Unique request identifier
1594297865000
Response
Token created. Present the returned URL to the paying user before the expiry in expireAt.
URL to present to the paying user (redirect, deep link, or QR code). The value is the WhiteBIT-hosted web confirmation page by default, or a mobile deep link when one is configured for the partner at onboarding; in both cases the unique token travels in the token query parameter. Treat the value as opaque.
"https://whitebit.com/express-withdraw?token=8f3c0a7d4e21"
Absolute token expiry timestamp in YYYY-MM-DD HH:MM:SS format (UTC). The authoritative expiry: each token expires 90 seconds after creation.
"2026-07-10 12:34:56"