Private HTTP API Authentication

Overview

The Authentication guide explains how to authenticate with WhiteBIT’s private HTTP API endpoints, which require authentication for security purposes.

Getting Started

Setting Up API Keys

Navigate to WhiteBIT API Settings

Select the appropriate configuration tab for API keys

Different API keys provide access to different API endpoints

Generate a new API key

Recommended Security Measures:

Enable IP restrictions (specify up to 50 trusted IPs)
Enable Endpoint access restrictions (select only necessary endpoints)

Keys auto-deactivate after 14 days of inactivity. 2FA must be enabled before key creation. Use separate keys per application with minimal permissions.

Authentication Requirements

All authenticated requests must:

Use the POST HTTP method
Include specific body data
Contain required headers

Body Data Format

The request body must be a JSON object containing:

Field	Description	Example
`request`	Request path without domain name	`'/api/v4/trade-account/balance'`
`nonce`	An incrementing number larger than previous requests	`'1594297865000'`
`nonceWindow`	Optional boolean to enable time-based nonce validation	`true`
Request-specific parameters	Additional parameters required by the endpoint	`"ticker": "BTC"`

Example Request Body:

{
    "request": "/api/v4/trade-account/balance",
    "nonce": 1594297865000,
    "nonceWindow": true,
    "ticker": "BTC"
}

About Nonce Values

Use the Unix timestamp in milliseconds for nonce values
Ensure each nonce is larger than previous requests
When nonceWindow is enabled:
- Provide Unix timestamp in milliseconds as the nonce
- Timestamp must be within ±5 seconds of server time
- Each nonce must be unique to prevent double processing
- Useful for high-frequency trading systems with concurrent requests

Required Headers

Every authenticated request requires these headers: Create the signature using: hex(HMAC_SHA512(payload, key=api_secret))

Implementation Examples

WhiteBIT provides the API Quick Start Helper library with examples in multiple languages:

Python
PHP
NodeJS
Go
JavaScript
Kotlin
DotNet
Ruby
C++
Rust

Common Errors

For rate limits and REST error format, see Rate limits and error codes.

Testing in the API playground

API Reference Overview — Base URL, rate limits, and error format
Market Data overview — Public endpoints (no authentication)
Spot Trading overview — Private trading endpoints
OAuth Overview — Third-party application authorization for ecosystem partners

​Overview

​Getting Started

​Setting Up API Keys

​Authentication Requirements

​Body Data Format

​About Nonce Values

​Required Headers

​Implementation Examples

​Common Errors

​Testing in the API playground

​Related resources

Overview

Getting Started

Setting Up API Keys

Authentication Requirements

Body Data Format

About Nonce Values

Required Headers

Implementation Examples

Common Errors

Testing in the API playground

Related resources