Skip to main content
Regulatory requirements affect API behavior depending on account jurisdiction. Two active regimes require integration changes for European Economic Area (EEA) accounts: MiCA restrictions on USDT operations and Travel Rule data requirements on crypto withdrawals.

MiCA: USDT restrictions for EEA users

Since December 30, 2024, EEA accounts cannot deposit, withdraw, or create WhiteBIT Codes in USDT. The restriction implements Markets in Crypto-Assets Regulation (MiCA) requirements — Tether (USDT issuer) has not obtained EU e-money authorization.

Impact on API integrations

  • The server rejects USDT deposit requests from EEA accounts
  • The server rejects USDT withdrawal requests from EEA accounts
  • The server blocks WhiteBIT Codes denominated in USDT for EEA accounts
  • No endpoint schema changes — the same endpoints apply, but the server returns an error for USDT operations from EEA-jurisdiction accounts
  • Non-EEA accounts are not currently affected

MiCA integration guidance

Do not hardcode USDT as the default stablecoin for EEA users. Use the Asset Status endpoint (GET /api/v4/public/assets) to check available currencies dynamically. Build currency selection logic that respects jurisdiction-specific restrictions. Source: Changes to USDT Services for EEA Users (Help Center)

MiCA transaction thresholds

The following platform-level thresholds apply to EEA users under MiCA. Any integration should account for the possibility that end users may encounter additional verification steps at these levels: Only fiat-backed stablecoins (e.g., USDC, EURI) are permitted under MiCA. Algorithmic stablecoins are not allowed for EEA accounts.

Travel Rule: EEA crypto withdrawals

Since May 19, 2025, crypto withdrawals from EEA accounts (and Turkey) require a travelRule object in the withdrawal request body. The requirement implements the Financial Action Task Force (FATF) Travel Rule for Virtual Asset Service Providers (VASPs).
The Travel Rule API endpoints are not available to all accounts. To request access, contact the assigned Account Manager or email institutional@whitebit.com. See the Travel Rule overview for details.

Timeline

Withdrawal request: travelRule object

The travelRule object is required on POST /api/v4/main-account/withdraw for crypto withdrawals from EEA accounts (and Turkey). The object uses a structured format: For the complete field-level reference, see the withdraw endpoint and the Travel Rule concept page.
The API still accepts a legacy flat format (type, vasp, name, address), but withdrawals submitted in the legacy format do not pass Travel Rule verification. Use the structured format for all integrations and migrate existing ones — see the legacy field mapping for the migration.

Code example: withdrawal with Travel Rule

The flow: collect the beneficiary and destination-wallet details from the end user first, then submit the withdrawal with the travelRule object attached.
First API Call documents the signing details (payload construction, nonce, and headers). For Go and PHP examples, see SDKs. Entity example: For entity withdrawals, set beneficiary.type to "entity" and provide the legal name in fullName:

Deposit status codes

Two deposit status codes indicate Travel Rule verification in progress. Travel Rule deposit holds apply to EEA and Turkey accounts. Deposits with status 27 or 28 are not credited to the account balance until Travel Rule verification completes. Build deposit monitoring logic to handle status codes 27 and 28 gracefully — do not treat frozen deposits as failed deposits. To resolve a frozen deposit: when the Travel Rule API is enabled for the account, submit the required data via Submit deposit verification; otherwise the depositor provides the data manually through the WhiteBIT interface.

Travel Rule integration guidance

Partners must collect beneficiary information (wallet type, beneficiary details, VASP identification) from end users before submitting withdrawal requests. The server rejects withdrawal requests from EEA (and Turkey) accounts that omit the travelRule object. Source: Travel Rule Requirements (Help Center)

Data processing and privacy

  • Data residency: WhiteBIT processes data in the European Union. A Data Processing Agreement (DPA) is available on request.
  • GDPR: WhiteBIT processes data in accordance with the General Data Protection Regulation (GDPR).
  • Sub-processors: For the current list of sub-processors, contact compliance@whitebit.com.
  • Data retention: For data retention policies, contact compliance@whitebit.com.

Certifications and audits

For certificate numbers, issuing bodies, and validity dates, contact institutional@whitebit.com. Independent verification is available on request.

VASP registrations

WhiteBIT holds VASP registrations in multiple jurisdictions. For a complete list of registration jurisdictions, supervising authorities, and registration numbers, contact compliance@whitebit.com.

Restricted jurisdictions

For a current list of restricted and prohibited jurisdictions, contact compliance@whitebit.com.

Regulatory scope

Regulatory requirements are evolving. Travel Rule enforcement and MiCA restrictions currently apply to EEA accounts (and Turkey for Travel Rule). WhiteBIT may extend enforcement to additional jurisdictions. Monitor the WhiteBIT Help Center and the Changelog for updates.

Contact

  • compliance@whitebit.com — DPA requests, sub-processor lists, data retention policies, VASP registration details, and restricted-jurisdiction confirmations
  • institutional@whitebit.com — certificate verification, Travel Rule API access, and institutional onboarding
Include the account jurisdiction, the partner type, and the specific request in the first message to avoid an extra clarification round-trip.

What’s Next

Institutional Overview

Product catalog and partner-type routing.

Onboarding

Step-by-step institutional onboarding process.