WhiteBIT does not offer a public testnet or sandbox environment — all API calls in this guide execute against the live API.
Steps 1 and 2 are read-only public calls, safe to run freely.
Step 4 only reads account balances — it places no orders and moves no funds.
Prerequisites
- curl or Python 3.x installed
- Steps 1–2: No account required
- Steps 3–4: WhiteBIT account (register), 2FA enabled, API key with Info + Trading permissions (create key)
1
Check server time (public, no auth)
Verify connectivity by calling the public server time endpoint — no authentication needed.Endpoint: Expected response:The
GET https://whitebit.com/api/v4/public/time (API Reference)- cURL
- Python
time field is a Unix timestamp in seconds.For Go and PHP examples, see SDKs.2
Fetch market data (public, no auth)
Retrieve the list of available markets — spot, futures, and TradFi futures. The endpoint requires no authentication.Endpoint: Expected response (truncated — the full response contains 900+ markets):Key fields:
GET https://whitebit.com/api/v4/public/markets (API Reference)- cURL
- Python
name (pair), minAmount (minimum order size in base asset), tradesEnabled (pair active status).For risk-free Spot trading practice, activate Demo Tokens (DBTC + DUSDT) from the
WhiteBIT Codes page. The
DBTC_DUSDT pair supports
the same API endpoints as any Spot market — place, query, and cancel orders without
risking real funds. No KYC required.3
Generate an API key
All private endpoints require an API key. Skip this step if a key is already available.
- Navigate to API key settings.
- Enable 2FA if not already active — key creation requires active 2FA.
- Create a new key with Info + Trading permissions.
- Optionally whitelist the current IP address (up to 50 addresses per key).
- Save the API key and secret immediately — the portal displays the secret only once and offers no way to retrieve it later.
4
Authenticated balance check (private)
Read the Trade account balance. This call requires HMAC-SHA512 signing.Endpoint: Expected response:Each key is an asset ticker.
POST https://whitebit.com/api/v4/trade-account/balance (API Reference)Every private request requires three headers computed from the request body:X-TXC-APIKEY— the API key stringX-TXC-PAYLOAD— Base64-encoded JSON request bodyX-TXC-SIGNATURE— HMAC-SHA512 of the Base64 payload, hex-encoded, signed with the API secret
request (the endpoint path) and nonce (an ever-increasing integer — use Unix milliseconds).See Authentication for the full signing walkthrough.- Python
- cURL
available is the amount ready to trade; freeze is the amount locked in open orders. An empty response ({}) means the Trade balance holds no assets — transfer funds from Main first. See Balances & Transfers for details on Main, Trade, and Collateral account types.Troubleshooting
Invalid signature error
Invalid signature error
The payload used for Base64 encoding must be the exact same JSON string sent as the request body. Verify:
- The
requestfield matches the endpoint path exactly (e.g.,"/api/v4/trade-account/balance"). - The
nonceis an integer larger than the previous request’s nonce — use Unix milliseconds. - The API secret is current — regenerating the key invalidates the old secret.
- The HMAC uses the Base64-encoded string as input, not the raw JSON.
IP address not allowed
IP address not allowed
If the API key has IP whitelisting enabled, the request must come from a whitelisted IP address. Add the current IP at whitebit.com/settings/api.
Nonce is too small
Nonce is too small
The
nonce must be greater than the previous request’s nonce for the same API key. Use int(time.time() * 1000) to generate a millisecond-precision Unix timestamp. Avoid reusing nonces across requests.What’s Next
Spot Trading Quickstart
Place a first order on a spot market.
WebSocket Quickstart
Stream real-time prices over WebSocket.
Market Data Overview
Browse the 14 public endpoints for tickers, orderbooks, trades, and funding rates.