Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.whitebit.com/llms.txt

Use this file to discover all available pages before exploring further.

The OAuth 2.0 endpoints documented in this section cover three integration surfaces: authorization and token exchange, OAuth-issued API keys, and account read endpoints. Partner platforms that need to issue WhiteBIT API keys on behalf of users SHOULD use the OAuth API key flow — the flow replaces manual key creation and copy-paste with a consent-driven bootstrap that issues a partner-scoped key, restricts the key to the partner’s registered IP ranges, and exposes the secret to the partner exactly once.

Endpoint groups

OAuth API keys

Recommended partner integration. Issue, retrieve, and delete API keys on behalf of WhiteBIT users.

Authorization and tokens

OAuth 2.0 authorization code flow: authorize, exchange code for access token, refresh.

Account read endpoints

Read account transactions, balances, orders, deals, and conversions on behalf of the authenticated user.

OAuth API key flow

The OAuth API key flow uses Authorization Code with PKCE (S256) and a 4-hour access token without refresh. The partner redirects the user to the WhiteBIT consent screen; on consent and MFA approval, the WhiteBIT platform issues a partner-issued API key for the authenticated (user, OAuth2 client) pair. The partner detects key creation through GET /oauth2/api-key/info, retrieves the secret exactly once through GET /oauth2/api-key/{externalId}/secret, and deletes the key when no longer needed through DELETE /oauth2/api-key/{externalId}. See the Fast API Key integration guide for the full integration walkthrough.

Required scopes

ScopeEndpointPurpose
apikeys.readGET /oauth2/api-key/infoCheck whether a partner-issued API key already exists for this (user, client) pair
apikeys.readGET /oauth2/api-key/{externalId}/secretRetrieve the API secret once
apikeys.deleteDELETE /oauth2/api-key/{externalId}Delete a partner-owned API key

Region availability

The OAuth API key endpoints (/oauth2/api-key/*) are available on the global server (https://whitebit.com) only. The EU server (https://whitebit.eu) does not expose these endpoints in this release.

Fast API Key integration guide

OAuth 2.0 (conceptual)

Private HTTP API authentication

Fast API Key (glossary)