Skip to main content
Create express withdraw token
The endpoint is available only for B2B partner services and requires a separate approval process. Request access at https://institutional.whitebit.com/.

Payment flow

The partner integrates one endpoint; WhiteBIT hosts everything the paying user sees.
  1. The partner creates a payment token with the currency, the amount, and a partner-side externalId.
  2. The partner presents the returned url to the user — redirect, deep link, or QR code.
  3. The user opens the URL while authenticated on WhiteBIT and confirms the displayed ticker and amount on the WhiteBIT-hosted confirmation surface.
  4. WhiteBIT debits the user’s balance and credits the partner’s Main balance in a single internal, off-chain, zero-fee transfer, then marks the token used.
Each token expires 90 seconds after creation — expireAt in the response carries the authoritative expiry. Create the token as close as possible to the moment of presenting the URL to the user; after expiry, re-create the token with the same externalId to receive a fresh one.
Each payment is capped at the equivalent of 10,000 USDT, enforced at token creation and re-enforced at confirmation. Requests above the cap return error code 191.

Notes

Authorizations

X-TXC-APIKEY
string
header
required

The public WhiteBIT API key.

X-TXC-PAYLOAD
string
header
required

Base64-encoded JSON request body.

X-TXC-SIGNATURE
string
header
required

HMAC-SHA512 signature of the payload, hex-encoded. Computed as hex(HMAC-SHA512(payload, api_secret)).

Body

application/json
ticker
string
required

Currency ticker to charge. Example: USDT

⚠️ The ticker must be a withdrawal-enabled cryptocurrency; the endpoint rejects fiat tickers. Use Asset Status endpoint to check the withdrawal status of a currency.

Example:

"USDT"

amount
string
required

Amount to charge in the specified ticker. Numeric string.

⚠️ The amount converted to USDT-equivalent must not exceed 10,000; the endpoint rejects larger amounts with error code 191.

Example:

"25.50"

externalId
string
required

Partner-side reference for the payment (order or invoice identifier), unique per partner account. The identifier powers idempotency and replay protection: a pending externalId with an identical ticker and amount returns the same token; the endpoint rejects an already-paid externalId with error code 19.

Example:

"order-100294"

request
string
required

Request signature

Example:

"{{request}}"

nonce
integer
required

Unique request identifier

Example:

1594297865000

Response

Token created. Present the returned URL to the paying user before the expiry in expireAt.

url
string

URL to present to the paying user (redirect, deep link, or QR code). The value is the WhiteBIT-hosted web confirmation page by default, or a mobile deep link when one is configured for the partner at onboarding; in both cases the unique token travels in the token query parameter. Treat the value as opaque.

Example:

"https://whitebit.com/express-withdraw?token=8f3c0a7d4e21"

expireAt
string

Absolute token expiry timestamp in YYYY-MM-DD HH:MM:SS format (UTC). The authoritative expiry: each token expires 90 seconds after creation.

Example:

"2026-07-10 12:34:56"