Check OAuth API key existence

curl --request GET \
  --url https://whitebit.com/oauth2/api-key/info \
  --header 'Authorization: Bearer <token>'

{
  "data": {
    "exists": true,
    "isEnabled": true,
    "externalId": "550e8400-e29b-41d4-a716-446655440000"
  }
}

GET

oauth2

api-key

info

Check OAuth API key existence

curl --request GET \
  --url https://whitebit.com/oauth2/api-key/info \
  --header 'Authorization: Bearer <token>'

{
  "data": {
    "exists": true,
    "isEnabled": true,
    "externalId": "550e8400-e29b-41d4-a716-446655440000"
  }
}

Authentication

OAuth 2.0 Bearer token. Required scope: apikeys.read. See Authentication. The endpoint is available on https://whitebit.com only.

No caching.

Use the decision matrix below to interpret the (exists, isEnabled) response and choose the next action.

`exists`	`isEnabled`	Meaning	Recommended action
`false`	`false`	No partner-issued API key exists for this `(user, OAuth2 client)` pair.	Start the OAuth API key flow.
`true`	`true`	An active partner-issued API key already exists.	Skip the OAuth API key flow. Surface “an active API key for this partner already exists” to the user.
`true`	`false`	A disabled partner-issued API key exists (post-inactivity, awaiting user-side deletion).	Skip the OAuth API key flow. Ask the user to delete the disabled key from the WhiteBIT dashboard, then retry.

Call the endpoint before redirecting the user to the OAuth authorization screen. Skipping the redirect when a key already exists avoids a flow the platform rejects.
Disabled keys are not deletable through the OAuth2 partner endpoint. Disabled keys are removed by the user from the WhiteBIT dashboard.
See Retrieve OAuth API key secret for the secret-fetch step and Delete OAuth API key for partner-initiated revocation.

Authorization

string

header

required

OAuth 2.0 Bearer Token authentication. Include the access token in the Authorization header.

Example: Authorization: Bearer YOUR_ACCESS_TOKEN

Successful response

data

object

Show child attributes

⌘I