Skip to main content
Move funds into and out of WhiteBIT programmatically: generate deposit addresses, submit crypto and fiat withdrawals, convert between currencies before withdrawing, and settle between accounts with WhiteBIT Codes. Each flow documents the transaction lifecycle, status state machine, fee calculation, and webhook events, where each applies.
EEA users: USDT deposits and withdrawals have been unavailable since December 30, 2024 (MiCA compliance). Use USDC or EURI as alternatives. See Regulatory Compliance for details.

Prerequisites

Before integrating any flow on this page:
  • API key — create an API key with the required permissions in the WhiteBIT dashboard. Every endpoint on this page requires HMAC-signed requests (X-TXC-APIKEY, X-TXC-PAYLOAD, X-TXC-SIGNATURE headers). Store the secret per Security Best Practices.
  • Webhook URL — configure the webhook endpoint in the API key settings to receive transaction notifications. See Webhooks.
  • Fiat access — fiat operations additionally require completed institutional onboarding with approved fiat access.

Use cases

Three scenarios cover the most common partner integrations. Each closes with a link to the tab documenting the endpoints.

UC1 — Payment provider with per-end-user deposit address

A payment-provider partner assigns each end customer a unique deposit address and credits the customer’s account when funds arrive. Reconciliation is webhook-driven by uniqueId (each deposit address corresponds to one customer in the partner’s database). See the Crypto Deposits tab for endpoint detail.

UC2 — EEA crypto withdrawal with Travel Rule

A partner serving EEA end users submits withdrawals with the required travelRule object. The withdrawal goes through compliance review before on-chain broadcast. See the Crypto Withdrawals tab for endpoint detail.

UC3 — Crypto payout with conversion

When the partner holds one currency in Main balance but needs to send another, request a conversion quote, confirm it, and submit the withdrawal. The convert service handles balance routing internally; no manual Main↔Trade transfers are required. See the Withdrawal with Conversion tab for endpoint detail.

Deposit address generation

Generate a deposit address by calling POST /api/v4/main-account/address. See the API Reference for the full endpoint specification.Required parameters:Optional parameters: network — cryptocurrency network (e.g., ERC20, TRC20). Required for multi-network currencies like USDT; omit for single-network currencies. Query the Asset Status endpoint for available networks per currency.The endpoint returns the same address for the same ticker and network combination on repeated calls — addresses are permanent and reusable, not ephemeral.Key response fields: account.address, account.memo (for currencies requiring a memo or destination tag), required.fixedFee, required.flexFee, required.minAmount, required.maxAmount.Rate limit: subject to platform-level rate limits — see Rate Limits for current enforced values.
For Go and PHP examples, see SDKs.

Unique address per user

The POST /api/v4/main-account/address endpoint above returns the same address for the same ticker and network combination on every call. For payment provider integrations that assign a unique deposit address per end user, use POST /api/v4/main-account/create-new-address instead — this endpoint generates a fresh address on every call. See the API Reference for the full specification.
The /create-new-address endpoint is not available by default. Contact support@whitebit.com to request access.
For sub-accounts, crypto deposits are disabled by default. To enable deposits, contact the assigned Account Manager or institutional@whitebit.com.
Required parameters:Optional parameters: network (required for multi-network currencies; for USDT the default network is ERC20), type (address type for currencies that support several formats — BTC and LTC accept p2sh-segwit and bech32; the default is bech32).Rate limit: subject to platform-level rate limits — see Rate Limits for current enforced values.
Choosing between the two endpoints: The choice depends on the partner’s reconciliation model. Partners managing one consolidated wallet per asset (treasury, market-maker, single-merchant) use /address; repeat calls return the same address. Partners assigning one address per end customer (payment provider, per-user wallet) use /create-new-address; each call returns a fresh address, so an incoming deposit identifies the end user by address alone.

Deposit lifecycle

After funds arrive at a generated deposit address, the deposit passes through a defined sequence of states before crediting to the Main balance.
  1. Address generated (POST /api/v4/main-account/address)
  2. Funds sent by the external party — mempool detection begins
  3. Confirmation tracking begins — deposit.accepted webhook fires while confirmations.actual is below confirmations.required
  4. Each confirmation-count change fires the deposit.updated webhook with the new confirmations.actual — this event tracks progress; it does not signal completion
  5. Deposit credited to Main balance — deposit.processed webhook fires — terminal success state
  6. OR: Deposit canceled — deposit.canceled webhook fires — terminal failure state
  7. OR (EEA/Turkey): Travel Rule hold — deposit frozen (status 27 or 28). If the Travel Rule API is enabled, submit originator data via API to unfreeze; otherwise manual action at whitebit.com is required. See Travel Rule below.

Deposit status state machine

The deposit/withdraw history endpoint returns numeric status codes. The following table maps each code to the meaning and the corresponding webhook event.
Numeric status codes are namespaced by transactionMethod. The same code may mean different things for deposits (transactionMethod: 1) and withdrawals (transactionMethod: 2). Always interpret the code in the context of the transactionMethod that returned it.
Use POST /api/v4/main-account/history with transactionMethod: 1 and status filter to poll for deposits in specific states. See the endpoint page for the current enforced rate limit.

Network confirmations

Each cryptocurrency network requires a different number of block confirmations before the platform credits a deposit.Webhook payloads include confirmations.actual and confirmations.required fields — the confirmations.required value determines when the deposit completes. Query the Asset Status endpoint (GET /api/v4/public/assets) for per-currency confirmation requirements.Confirmation requirements vary by currency and network. Do not hardcode specific numbers — always retrieve the current values from the Asset Status endpoint.

Partial / over-payment scenarios

Crypto deposits credit the actual on-chain amount received; the system does not flag deposits as “underpaid” or “overpaid”. If a partner expects an exact amount (e.g., for invoice matching), reconciliation logic must compare the deposit amount in the deposit.processed webhook against the expected amount and surface mismatches as application-level alerts.

Refund flow

When a deposit is canceled (status 4 or 9), a refund may be available.Endpoint: POST /api/v4/main-account/refund-deposit — see the API Reference for the full specification.Prerequisites:
  • The deposit must have status canceled.
  • Obtain transactionId from the deposit.canceled webhook (uniqueId field) or from the deposit/withdraw history in the WhiteBIT interface.
Required parameters:The refund address must satisfy three constraints:
  • The address must support the same network and asset as the original deposit.
  • The address must not be a WhiteBIT-generated deposit address (an address created by /api/v4/main-account/address or /api/v4/main-account/create-new-address) — the endpoint refunds to external addresses only.
  • The address does not need to match the original sender address.
Webhook events for refund outcomes:
  • refund.successful — refund completed (includes refundAmount, refundNetworkFee, refundHash)
  • refund.failed — refund failed (the destination address does not support the required network or asset, or address validation fails; use a different address or contact support)
Rate limit: subject to platform-level rate limits — see Rate Limits for current enforced values.

Required endpoints for deposits

For integrations that use a single persistent deposit address instead of unique addresses per user, substitute POST /api/v4/main-account/address (API Reference) for the /create-new-address endpoint.

Travel Rule (EEA and Turkey)

Since May 18, 2025, WhiteBIT places inbound crypto deposits for EEA and Turkey accounts on hold until Travel Rule verification completes.
  • Status 27 (DEPOSIT_TRAVEL_RULE_FROZEN): deposit frozen, awaiting Travel Rule data from the account holder
  • Status 28 (DEPOSIT_TRAVEL_RULE_FROZEN_PROCESSING): Travel Rule data submitted, under review by WhiteBIT
API-based verification: When the Travel Rule API is enabled for the account, partners can submit originator data via POST /api/v4/travel-rule/deposit/verification to unfreeze deposits programmatically. See Travel Rule for the full verification flow and request format.
Manual verification fallback: If the Travel Rule API is not enabled for the account, frozen deposits require manual action at whitebit.com. Contact institutional@whitebit.com to request Travel Rule API access.
See Regulatory Compliance for the full Travel Rule reference. See the Travel Rule help center article for the complete requirements.

Webhook reconciliation

Reliable fund tracking requires both webhook-based and polling-based reconciliation. Primary method — webhooks for real-time notifications:
  • Configure the webhook URL in API key settings (see Webhooks)
  • Verify the HMAC-SHA512 signature on every incoming webhook. Each delivery includes three headers — X-TXC-APIKEY (the API key the webhook is bound to), X-TXC-PAYLOAD (base64-encoded JSON body), and X-TXC-SIGNATURE (HMAC-SHA512 of the payload with the API secret). See Security Best Practices for the verification algorithm.
  • Track the nonce field — each webhook nonce is strictly greater than the previous. The nonce travels inside the JSON payload, not in a separate header.
Retry policy: The platform retries failed deliveries over a 24-hour window — see Webhooks for the retry schedule. Fallback method — poll POST /api/v4/main-account/history:
  • Use transactionMethod: 1 for deposits, transactionMethod: 2 for withdrawals
  • Filter by status array for specific states
  • Recommended polling interval: every 5 minutes for active monitoring
  • See Rate Limits for current enforced values
For balance endpoints, WebSocket account streams, and polling-interval guidance beyond deposits and withdrawals, see Account Monitoring. Deduplication: Use the uniqueId from webhook payloads and history responses to deduplicate across webhook and polling paths.
The meaning of uniqueId differs by direction: for withdrawals, the value echoes the identifier supplied in the withdrawal request; for deposits, the platform assigns the value (the transaction identifier that the refund endpoint consumes as transactionId). Both are unique per transaction and safe as idempotency keys.
WhiteBIT does not offer a webhook replay mechanism. Implement polling as a fallback for outages longer than the 24-hour retry window. Store all processed uniqueId values to prevent double-processing.
Reconciliation pattern:
  1. Receive webhook — verify signature — extract uniqueId and status
  2. Store the event with uniqueId as the idempotency key
  3. On polling cycle: query the history endpoint — compare uniqueId values against stored events
  4. Process any events found via polling that the webhook path did not deliver
  5. Mark transactions as complete only when the transaction reaches a terminal status (3/7 for success, 4/9 for canceled deposits, 4 for canceled withdrawals)

What’s Next

Webhooks

Webhook setup, event types, signature verification, and retry behavior.

Convert

Estimate and confirm flow, plus conversion history queries.

Security Best Practices

API key management, IP whitelisting, and secret storage.