> ## Documentation Index
> Fetch the complete documentation index at: https://docs.whitebit.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Private HTTP API Authentication

> Authenticate with WhiteBIT private HTTP API endpoints using API keys and HMAC-SHA512 signatures.

## Overview

The Authentication guide explains how to authenticate with WhiteBIT’s private HTTP API endpoints, which require authentication for security purposes.

## Getting Started

### Setting Up API Keys

<Steps>
  <Step>
    Navigate to [WhiteBIT API Settings](https://whitebit.com/settings/api)
  </Step>

  <Step>
    Select the appropriate configuration tab for API keys

    <Info>
      Different API keys provide access to different API endpoints
    </Info>
  </Step>

  <Step>
    Generate a new API key
  </Step>

  <Step>
    **Recommended Security Measures:**

    * Enable IP restrictions (specify up to 50 trusted IPs)
    * Enable Endpoint access restrictions (select only necessary endpoints)
  </Step>
</Steps>

<Note>
  Keys auto-deactivate after 14 days of inactivity. 2FA must be enabled before key creation.
  Use separate keys per application with minimal permissions.
</Note>

## Authentication Requirements

All authenticated requests must:

1. Use the `POST` HTTP method
2. Include specific body data
3. Contain required headers

### Body Data Format

The request body must be a JSON object containing:

| Field                       | Description                                            | Example                           |
| --------------------------- | ------------------------------------------------------ | --------------------------------- |
| `request`                   | Request path without domain name                       | `'/api/v4/trade-account/balance'` |
| `nonce`                     | An incrementing number larger than previous requests   | `1594297865000`                   |
| `nonceWindow`               | Optional boolean to enable time-based nonce validation | `true`                            |
| Request-specific parameters | Additional parameters required by the endpoint         | `"ticker": "BTC"`                 |

**Example Request Body:**

```json theme={"theme":{"light":"github-light","dark":"github-dark"}}
{
    "request": "/api/v4/trade-account/balance",
    "nonce": 1594297865000,
    "nonceWindow": true,
    "ticker": "BTC"
}
```

#### About Nonce Values

* Use the Unix timestamp in milliseconds for nonce values
* Ensure each nonce is larger than previous requests
* When `nonceWindow` is enabled:
  * Provide Unix timestamp in milliseconds as the nonce
  * Timestamp must be within ±5 seconds of server time
  * Each nonce must be unique to prevent double processing
  * Useful for high-frequency trading systems with concurrent requests

### Required Headers

Every authenticated request requires these headers:

Create the signature using: `hex(HMAC_SHA512(payload, key=api_secret))`

## Implementation Examples

WhiteBIT provides the [API Quick Start Helper](https://github.com/whitebit-exchange/api-quickstart) library with examples in multiple languages:

* Python
* PHP
* NodeJS
* Go
* JavaScript
* Kotlin
* DotNet
* Ruby
* C++
* Rust

## Common Errors

For rate limits and REST error format, see [Rate limits and error codes](/api-reference/rate-limits).

## Testing in the API playground

<Snippet file="private-api-playground-testing.mdx" />

## Related resources

* [API Reference Overview](/api-reference/overview) — Base URL, rate limits, and error format
* [Market Data overview](/api-reference/market-data/overview) — Public endpoints (no authentication)
* [Spot Trading overview](/api-reference/spot-trading/overview) — Private trading endpoints
* [OAuth Overview](/platform/oauth/overview) — Third-party application authorization for ecosystem partners