Overview
The Authentication guide explains how to authenticate with WhiteBIT’s private HTTP API endpoints, which require authentication for security purposes.Getting Started
Setting Up API Keys
1
Navigate to WhiteBIT API Settings
2
Select the appropriate configuration tab for API keys
Different API keys provide access to different API endpoints
3
Generate a new API key
4
Recommended Security Measures:
- Enable IP restrictions (specify up to 50 trusted IPs)
- Enable Endpoint access restrictions (select only necessary endpoints)
Keys auto-deactivate after 14 days of inactivity. 2FA must be enabled before key creation.
Use separate keys per application with minimal permissions.
Authentication Requirements
All authenticated requests must:- Use the
POSTHTTP method - Include specific body data
- Contain required headers
Body Data Format
The request body must be a JSON object containing:
Example Request Body:
About Nonce Values
- Use the Unix timestamp in milliseconds for nonce values
- Ensure each nonce is larger than previous requests
- When
nonceWindowis enabled:- Provide Unix timestamp in milliseconds as the nonce
- Timestamp must be within ±5 seconds of server time
- Each nonce must be unique to prevent double processing
- Useful for high-frequency trading systems with concurrent requests
Required Headers
Every authenticated request requires these headers: Create the signature using:hex(HMAC_SHA512(payload, key=api_secret))
Implementation Examples
For a raw HMAC-SHA512 signing walkthrough with curl and Python examples, see First API Call. Official SDKs for Go, Python, and PHP are listed on the SDKs page.Common Errors
For rate limits and REST error format, see Rate limits and error codes.Testing in the API playground
Related resources
- API Reference Overview — Base URL, rate limits, and error format
- Market Data overview — Public endpoints (no authentication)
- Spot Trading overview — Private trading endpoints
- OAuth Overview — Third-party application authorization for ecosystem partners