Bybit API Cheat Sheet: A Detailed Developer’s Guide

The digital asset space continues to grow at an extraordinary pace. Every new day brings another protocol, another layer, and another opportunity for you to build tools that matter. If you are developing a trading platform, a crypto portfolio manager, or an automated bot, chances are you need programmatic access to exchanges. One of the key exchanges offering a rich and robust API interface is Bybit. This guide provides an overall and accessible breakdown of the most common and practical Bybit API commands, so you don’t have to dig through extensive documentation. We’ll walk you through each API category, providing examples, a brief description, and helpful tips to ensure a smooth integration.

Before diving into specific commands, let’s start with an overview of what makes Bybit’s API so worthwhile and developer-friendly.

Introduction to the Bybit API Cheat Sheet

The Bybit API is a set of RESTful and WebSocket interfaces that provide access to a wide range of exchange functionalities. You can query market data, place and cancel orders, fetch account balances, manage positions, and subscribe to real-time data streams. Bybit supports both linear and inverse contracts, as well as spot trading. The API has a rate limit in place, but it’s generous enough for most applications, especially if you handle retries and throttling properly.

You will find three major types of API endpoints here: public endpoints for market data that do not require authentication, private endpoints for account-level interactions, and WebSocket streams for real-time updates. You can integrate with the Bybit API using either your API key and secret pair or OAuth credentials, depending on the use case.

Authentication uses HMAC SHA256 signatures and requires precise timestamping. Keeping your private keys and seed phrases secure when making authenticated calls is critical. For every request, especially those involving asset transfers or order placement, it’s essential to implement safeguards on the client side.

Section 1: Public Market Data Endpoints

You do not need any API key to use these endpoints. They help fetch trading pairs, order books, tickers, and historical candles. These endpoints are critical for building charts, dashboards, and analytics interfaces.

Get Symbol List

Returns the list of active trading pairs (both spot and derivatives).

GET /v5/market/instruments-info

Get Order Book

Use this to retrieve the current state of the order book for a given symbol.

GET /v5/market/orderbook

Parameters:

• category = spot, linear, inverse
  
• symbol = Trading pair like BTCUSDT
  

Get Ticker Price

Returns the latest trade price and 24-hour stats.

GET /v5/market/tickers

Parameters:

• category = spot or contract
  
• symbol = Optional, if omitted will return all
  

Get Kline Candlestick Data

Retrieve OHLCV data for chart plotting.

GET /v5/market/kline

Parameters:

• category
  
• symbol
  
• interval
  
• start and end
  

Section 2: Account and Wallet Endpoints

This section requires authentication. These endpoints let you view balances, wallet activity, and margin status. You will need to sign requests using your API key and secret.

Get Wallet Balance

Fetches wallet balances for your account.

GET /v5/account/wallet-balance

Parameters:

• accountType = UNIFIED, CONTRACT, SPOT
  

This is where many developers start when trying to build a tracker. It’s also an area that should be explored in our comprehensive guide to Crypto Wallet APIs for developers and businesses.

Get Coin Information

Displays your coin-specific wallet statistics, including available and used margin.

GET /v5/account/coin-greeks

Query Transaction History

Gives deposit, withdrawal, and transfer history.

GET /v5/account/transaction-log

Parameters:

• category
  
• type
  
• start and end
  

Section 3: Orders and Trade Management (Write APIs)

This section contains write APIs, allowing you to execute trades, cancel them, or replace them. It’s essential to understand what differentiates these from read APIs, which only retrieve data. The distinction is crucial when comparing read APIs with write APIs in terms of performance and risk control.

Place Order

Places a new order on spot or contract markets.

POST /v5/order/create

Parameters:

• category
  
• symbol
  
• side (Buy or Sell)
  
• orderType (Limit or Market)
  
• qty, price, etc.
  

Cancel Order

Cancel a previously placed order.

POST /v5/order/cancel

Parameters:

• orderId or orderLinkId
  

Get Active Orders

Returns currently open orders.

GET /v5/order/realtime

Parameters:

• symbol
  

Get Order History

Retrieves a full history of order activity.

GET /v5/order/history

Section 4: Position Management Endpoints

For derivatives, understanding positions is vital. These endpoints enable you to query and manage your open positions, including leverage, margin mode, and other settings.

Get Open Positions

Fetches currently open positions.

GET /v5/position/list

Parameters:

• category
  
• symbol (optional)
  

Switch Margin Mode

Change between ISOLATED and CROSS margin modes.

POST /v5/position/switch-isolated

Set Leverage

Update leverage for a specific symbol.

POST /v5/position/set-leverage

Parameters:

• buyLeverage and sellLeverage
  

Section 5: Trade History and Executions

You will often want to get a list of past trades, either for reconciliation or reporting purposes. This section helps you access those granular details.

Get Trade History

Returns past executed orders.

GET /v5/execution/list

Parameters:

• category
  
• symbol
  
• orderId (optional)
  
• start and end (optional)
  

Section 6: Transfer and Asset Movement

If you manage multiple subaccounts or automate fund transfers, these endpoints are crucial.

Internal Transfer

Transfer assets between spot, derivatives, and unified accounts.

POST /v5/asset/transfer/inter-transfer

Parameters:

• fromAccountType
  
• toAccountType
  
• coin, amount
  

Get Transfer History

Monitor all past transfer events.

GET /v5/asset/transfer/query-inter-transfer-list

Section 7: WebSocket for Real-Time Streaming

For high-frequency trading or applications that need instant updates, WebSocket is a better choice than REST. You can subscribe to receive updates on order book changes, tickers, user trades, and wallet changes.

Public Topics (No Auth)

Connect to WebSocket and subscribe to:

• OrderBook (orderbook.1.BTCUSDT)
  
• Ticker (tickers.BTCUSDT)
  
• Kline (kline.1.BTCUSDT)
  

Private Topics (Auth Required)

Subscribe to user-centric data:

• Positions
  
• Executions
  
• Orders
  
• Wallet updates
  

WebSocket URLs:

• Public: wss://stream.bybit.com/v5/public
  
• Private: wss://stream.bybit.com/v5/private
  

Authentication over WebSocket requires a signed message using your API credentials.

Rate Limits and Best Practices

Bybit applies per-endpoint rate limits and general account-wide restrictions. Use the X-RateLimit-Reset and Retry-After headers to manage throttling. Try not to poll high-frequency endpoints needlessly. Use WebSocket where you can.

General Rate Limit Info

• REST API: Typically 20 requests per second
  
• WebSocket: Use pings to maintain session
  
• Burst requests are discouraged
  

Always implement exponential backoff on failed requests. Never store your private keys and seed phrases in plain text. Use environment variables and encrypted storage. Bybit also supports IP whitelisting and granular API key permissions.

Authentication and Signature Walkthrough

To make authenticated requests, you must include these headers:

X-BAPI-API-KEY

X-BAPI-TIMESTAMP

X-BAPI-SIGN

X-BAPI-RECV-WINDOW

Signature Format

You’ll need to hash your request using:

scss

HMAC_SHA256(secret, timestamp + apiKey + recvWindow + body)

The recvWindow should typically be 5000 (5 seconds), and the timestamp must be in milliseconds.

Error Handling

Bybit returns standard HTTP response codes and a retCode inside the JSON body. Here are common ones:

• 0: Success
  
• 10001: Parameter error
  
• 10006: Invalid signature
  
• 10016: Rate limit
  

Your integration should gracefully handle timeouts and retries. Always verify the contents of responses, especially for fund transfers and order placements.

Summary and Final Thoughts

The Bybit API is one of the most complete trading APIs available to developers. With both REST and WebSocket capabilities, support for spot and derivatives, and high-level controls for account and trade management, it is well-suited for a wide range of applications. As you proceed to integrate with the Bybit API, always monitor your usage, handle errors properly, and store sensitive data securely.

This guide aims to surface the most useful and frequently used endpoints in one place. Instead of spending time scouring the official docs for each call, you now have a complete cheat sheet to move faster. From market data to real-time updates, you can now create, monitor, and manage your crypto trading infrastructure with Bybit.

Vezgo: The Crypto API

As you explore ways to expand your application beyond Bybit and unify crypto data across multiple platforms, Vezgo stands out as the all-in-one solution tailored for developers and businesses alike. Vezgo is a universal crypto API designed to simplify integration by aggregating balances, positions, and transactions across hundreds of exchanges, wallets, and blockchains. With just one secure connection, your users can link their entire portfolio, from centralized exchanges like Binance and Bybit to decentralized wallets and even NFT holdings, without any manual input. The Vezgo Connect Flow provides a seamless onboarding experience, allowing users to authenticate and link their crypto accounts with just a few clicks, thereby eliminating the need to build multiple custom integrations from scratch.

When it comes to data, Vezgo gives you robust and reliable access to the information that matters most. Through a single API call, you can retrieve comprehensive balances and positions, including token holdings in native and fiat values. Vezgo also provides full transaction history across CEXs, blockchains, and wallets, allowing you to track user activity with accuracy and consistency. The API ensures standardized outputs regardless of the source, which simplifies your backend processing and improves data quality across your platform. From token swaps on Ethereum to wallet transfers on Solana, the Vezgo API delivers clean and normalized data without added complexity.

Security is deeply embedded in Vezgo’s infrastructure. The platform is SOC 2 Type II compliant and uses industry-grade encryption protocols like AES 256 and TLS 1.2 to safeguard all data in transit and at rest. Developers benefit from clean, well-structured API documentation that makes integration intuitive and fast, even for complex use cases. Additionally, Vezgo provides hands-on support to help you troubleshoot, scale, and deploy your integrations with confidence. You may be building a crypto portfolio tracker, accounting software, or a tax platform. Vezgo equips you with the foundation to grow securely and efficiently, saving you time and development overhead while ensuring your users receive the most accurate and up-to-date insights across all their crypto assets.