API Broker Integration Documentation
Application Process
- Information Submission
Submit the following information to Bybit Business:
- Bybit UID (used to log in to the OAuth management backend)
- OpenAPI whitelist IP (only applicable to OpenAPI; the OAuth management backend has no IP restrictions)
- Business Initialization
- Log in to Bybit using the corresponding UID.
- Visit https://www.bybit.com/app/user/oauth-admin
- Configure Application Name, Email, upload logo, etc.
- Configure Application Name, Email, upload logo, etc.
- Core parameter
redirect_uri: Multiple callback addresses can be configured. Theredirect_uripassed when invoking the page must be configured in the management backend. If the passed value does not match the configuration, it will default to the first address.
- After successful application, you will receive
client_idandclient_secret. Please securely store this information and do not share it with others.
API
1. Construct Authorization Page
https://www.bybit.com/en/oauth?client_id={client_id}&response_type=code&redirect_uri={redirect_uri}&scope=openapi&state={state}
| Field | Description |
|---|---|
client_id | Obtained after merchant initialization |
response_type | Fixed value: code |
scope | Pass openapi; other values require confirmation with Bybit |
state | Random string |
redirect_uri | The address to redirect to after user authorization; must be configured in the management backend |
2. Authorization Success Callback
After the user confirms authorization, the page will redirect (301) to `redirect_uri` with the parameter `code`.
Assuming `redirect_uri` is `https://www.example.com/callback`,
the callback URL will be: `https://www.example.com/callback/?response_type=code&code=sSn87036PCFub1g0FGigexSjT&scope=openapi&state=1234abc`
| Field | Description |
|---|---|
code | Core parameter; used by the merchant backend to obtain access_token |
3. Obtain Access Token
- URL: https://api2.bybit.com/oauth/v1/public/access_token
- Method: POST
Request Example
curl -v -X POST {url} \
-H 'Content-Type: application/x-www-form-urlencoded'
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36' \ # Use browser agent
-d 'client_id={client_id}' \
-d 'client_secret={client_secret}'\
-d 'code={code}' # Code can only be used once
Response Example
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3NjcwODM5NDEsIkNsaWVudElEIjoiQThmMzNFeEVTeEhjIiwiR3JhbnRNZW1iZXJJRCI6MTA2MzEwNzQxLCJBcHByb3ZlZFNjb3BlIjpbIm9wZW5hcGkiXSwiTm9uY2UiOiJPNmZ0QkdTYVdEIn0.Vq46cxPIzKmWz5fFwU4fQuF-IDqFJDOIelNLnH8r2Oo",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3Njk1ODk1NDEsIkNsaWVudElEIjoiQThmMzNFeEVTeEhjIiwiR3JhbnRNZW1iZXJJRCI6MTA2MzEwNzQxLCJBcHByb3ZlZFNjb3BlIjpbIm9wZW5hcGkiXSwiTm9uY2UiOiIwaVZMWVY3Z1pGIn0.ByGH8d5XtSQnkbxeyiXd56iJUTddBWjqFK8_EcAw48w",
"token_type": "bearer",
"expires_in": 86400,
"refresh_token_expires_in": 2592000
}
4. Obtain OpenAPI
- URL: https://api2.bybit.com/oauth/v1/resource/restrict/openapi
- Method: GET
- Include the Authorization header in the request, formatted as "Bearer {access_token}". For example, if
access_token = "12345", thenAuthorization = "Bearer 12345".
Request Example
curl {url} \
-H "Authorization: Bearer {access_token}"
Response Example
{
"ret_code": 0,
"ret_msg": "success",
"result": {
"api_key": "xxxxxxx",
"api_secret": "xxxxx"
}
}