Bybit Exchange Setup
Connect your Bybit account to SignalBee in minutes. This guide walks you through creating and configuring API keys with the exact permissions needed for automated trading.
Good to know: Bybit uses a two-value authentication system (API Key + Secret Key), similar to Binance. No passphrase required.
Prerequisites
Before you begin, make sure you have:
- Verified Bybit account - Identity verification (KYC) completed
- 2FA enabled on Bybit - Required for API key creation
- SignalBee account - Ready to connect an exchange
- Password manager - For storing your API credentials securely
Security Note: Bybit requires 2FA (two-factor authentication) to create API keys. If you haven't enabled 2FA yet, go to Account & Security → Two-Factor Authentication in your Bybit account settings.
Understanding Bybit Account Types
Bybit offers two account structures. This guide assumes you're using the recommended modern option:
| Account Type | Description | SignalBee Compatibility |
|---|---|---|
| Unified Trading Account (UTA) | Single account for Spot, Derivatives, and Options | ✅ Recommended - Better capital efficiency |
| Standard Account | Separate wallets for each product | ⚠️ Supported - Legacy structure |
Why Use Unified Trading Account?
The Unified Trading Account (UTA) is Bybit's modern account structure with key benefits:
- Single wallet - No need to transfer funds between Spot and Derivatives
- Better capital efficiency - Use the same collateral across products
- Simpler management - One balance to track
Tip: If you're creating a new Bybit account, you'll automatically get a Unified Trading Account. Existing users can upgrade in Account Settings.
Creating Your API Key
Follow these steps to create an API key on Bybit.
Step 1: Log In to Bybit
- Go to www.bybit.com
- Log in with your email and password
- Complete 2FA verification (authenticator app or SMS)
Step 2: Navigate to API Management
- Click your profile icon in the top-right corner
- Select API from the dropdown menu
- You'll see a list of your existing API keys (if any)
Step 3: Create a New API Key
- Click the Create New Key button
- Select System-generated API Keys (recommended)
- Click Next
Step 4: Label Your API Key
- Enter a descriptive label:
SignalBee Trading - A clear label helps you identify this key's purpose later
- Click Next
Tip: Use specific labels like "SignalBee-Spot" or "SignalBee-Main" if you plan to create multiple keys for different purposes.
Step 5: Set Permissions
Configure the permissions for your API key (see Configuring Permissions section for details):
- Set Spot to Read-Write - Required for trading
- Set Wallet to Read-Only - View balances
- Set other permissions to No Permission (unless needed)
- ❌ Do NOT enable Withdrawals - Never needed
Step 6: Complete Security Verification
Bybit requires multiple verification steps:
- Authenticator App - Enter the 6-digit code from your authenticator
- Email Verification - Click the link sent to your registered email
- Wait for verification to complete
Step 7: Copy Your Keys IMMEDIATELY
After verification, Bybit displays your API credentials:
- API Key - Can be viewed later in your API Management page
- Secret Key - ⚠️ Shown only ONCE - Copy it immediately!
| Key | Can View Later? | Action Required |
|---|---|---|
| API Key | ✅ Yes | Copy and save |
| Secret Key | ❌ NO - Never shown again | Copy immediately! |
Warning: If you close this page without copying your Secret Key, you'll need to delete this API key and create a new one. There is no way to recover a Secret Key.
Save both keys in your password manager now before proceeding.
Configuring Permissions
Bybit uses a permission level model: No Permission, Read-Only, or Read-Write for each category. Configure these carefully to balance functionality and security.
Permission Levels Explained
| Level | What It Allows |
|---|---|
| No Permission | Cannot access this category at all |
| Read-Only | Can view but cannot make changes or place orders |
| Read-Write | Can view AND make changes/place orders |
Required Permissions
| Permission Category | Set To | Why |
|---|---|---|
| Spot | ✅ Read-Write | Allows SignalBee to place spot orders |
| Wallet | ✅ Read-Only | Allows SignalBee to check your balances |
Optional Permissions
| Permission Category | Set To | Why |
|---|---|---|
| Derivatives | ⚠️ Read-Write (only if needed) | Enable only if using SignalBee for perpetual/futures trading |
| Options | ⚠️ Read-Write (only if needed) | Enable only if trading options |
| Exchange | No Permission | Not needed for SignalBee |
Never Enable These Permissions
| Permission | Enable? | Why |
|---|---|---|
| Withdrawals | ❌ NEVER | SignalBee never needs withdrawal access. Enabling this is a serious security risk. |
| Wallet Read-Write | ❌ NEVER | Can transfer funds between accounts. Read-Only is sufficient. |
Security Note: Even if your API key is somehow compromised, funds cannot be withdrawn without withdrawal permissions enabled. This is your most important security protection.
How to Edit Permissions
- In API Management, find your SignalBee API key
- Click the Edit button next to the key
- Modify the permission dropdowns as shown above
- Click Confirm
- Complete 2FA verification to save changes
IP Whitelist Configuration
IP whitelisting restricts your API key to only work from specific IP addresses. This is optional but adds a strong security layer.
Why Use IP Whitelisting?
| Scenario | Without Whitelist | With Whitelist |
|---|---|---|
| SignalBee places trade | ✅ Works | ✅ Works |
| Attacker tries stolen key | ⚠️ Could work | ❌ Blocked |
Even if your API key is somehow exposed, it won't work from unauthorized IP addresses.
SignalBee Server IP Addresses
Note: Contact support@signalbee.trade to request SignalBee's current production IP addresses for whitelisting. We maintain static IPs specifically for exchange API calls and will notify you before any infrastructure changes.
How to Configure IP Whitelisting
- When creating or editing your API key, find the IP Restriction section
- Select Restrict to Trusted IPs
- Click Add IP Address
- Enter each SignalBee IP address provided by support
- Click Confirm
- Complete 2FA verification
If You Skip IP Whitelisting
If you choose not to use IP whitelisting:
- Select No Restriction for IP access
- Understand this is less secure but still safe if withdrawals are disabled
- Your other security measures (no withdrawal permission) still protect your funds
Adding to SignalBee
Now connect your Bybit API key to SignalBee.
Step 1: Go to Exchanges Page
- Log in to your SignalBee account
- Navigate to Exchanges in the main menu
Step 2: Add New Exchange
- Click the Add Exchange button
- Select Bybit from the exchange list
Step 3: Enter Your Credentials
- API Key - Paste your Bybit API key
- Secret Key - Paste your Bybit Secret key
- Label (optional) - Enter a name like "Bybit Main Account"
Step 4: Test the Connection
- Click Save and Test Connection
- Wait for SignalBee to verify your credentials
- Look for the ✅ success message
Step 5: Verify Your Setup
After successful connection:
- Your Bybit balances should appear in SignalBee
- Check that your expected assets are listed
- Balances confirm the Wallet Read-Only permission is working
Tip: If balances don't appear, verify that Wallet permission is set to Read-Only (not No Permission) in your Bybit API settings.
Bybit-Specific Considerations
Ticker Format
Bybit uses concatenated ticker symbols without separators (same as Binance):
| SignalBee Format | Bybit Format | ⚠️ Not This |
|---|---|---|
| BTC/USDT | BTCUSDT | |
| ETH/USDT | ETHUSDT | |
| SOL/USDT | SOLUSDT |
When configuring webhooks or signals, use the Bybit format: BTCUSDT, ETHUSDT, etc.
Unified Trading Account Benefits
With UTA enabled, you get several advantages:
| Feature | Standard Account | Unified Trading Account |
|---|---|---|
| Wallet Management | Separate wallets per product | Single unified wallet |
| Fund Transfers | Required between products | Not needed |
| Collateral Usage | Product-specific | Shared across products |
| Capital Efficiency | Lower | Higher |
Minimum Order Sizes
Bybit enforces minimum order values. Orders below these minimums will be rejected:
| Typical Minimum | Notes |
|---|---|
| ~$1 USD equivalent | Varies by trading pair |
| Exact values | Check specific pair rules on Bybit |
Tip: Check Bybit's trading rules for current minimum order sizes.
Trading Fees
| Fee Type | Standard Rate | VIP Discounts Available |
|---|---|---|
| Maker | 0.10% | Lower rates at higher VIP tiers |
| Taker | 0.10% | Lower rates at higher VIP tiers |
Tip: Increase your VIP level by trading volume to unlock fee discounts.
API Rate Limits
- Bybit imposes rate limits on API requests
- SignalBee handles rate limiting automatically
- If you see rate limit errors, reduce your signal frequency or check for duplicate webhooks
Testnet for Practice
Bybit offers a testnet environment for practicing without real funds:
| Environment | URL | Purpose |
|---|---|---|
| Production | www.bybit.com | Real trading with real funds |
| Testnet | testnet.bybit.com | Practice with test funds |
Tip: Create separate API keys on testnet.bybit.com to test your setup before using real funds. Testnet keys do not work on production, and vice versa.
Troubleshooting
Common Bybit-specific errors and solutions:
| Error | Likely Cause | Solution |
|---|---|---|
| "Invalid API-key" | Typo when copying, or key was deleted | Re-copy the API key carefully. Check for extra spaces. Verify key exists in Bybit. |
| "Signature Invalid" | Incorrect Secret Key | Re-copy the Secret Key. If lost, delete the API key and create a new one. |
| "IP not whitelisted" | API key restricted to different IPs | Add SignalBee's IPs to your whitelist, or disable IP restriction. |
| "Permission Denied" | Read-Only set when Read-Write needed | Change Spot permission from Read-Only to Read-Write in Bybit API settings. |
| "Insufficient Balance" | Funds in wrong location | With UTA, check your unified balance. Without UTA, ensure funds are in Spot wallet. |
| "Invalid Symbol" | Wrong ticker format | Use concatenated format: BTCUSDT, not BTC-USDT or BTC/USDT. |
| "Order qty too small" | Order below minimum | Increase order quantity to meet Bybit minimums (~$1). |
Connection Test Fails?
If your connection test fails in SignalBee:
- Double-check both keys - Copy-paste errors are the most common issue
- Wait a few minutes - New API keys may take 1-2 minutes to activate
- Verify permissions - Ensure Wallet has Read-Only and Spot has Read-Write
- Check IP whitelist - Disable IP restriction temporarily to test
- Try a different browser - Clear cache or use incognito mode
For persistent issues, see our Error Codes Reference or contact support@signalbee.trade.
Security Best Practices
Follow this checklist to keep your Bybit account secure:
Bybit Account Security
- Enable 2FA with an authenticator app (Google Authenticator, Authy) - more secure than SMS
- Use a unique, strong password for Bybit (not reused from other sites)
- Enable fund password on Bybit - adds extra verification for sensitive operations
- Enable withdrawal whitelist on Bybit - restricts withdrawals to pre-approved addresses only
API Key Security
- Create a dedicated API key just for SignalBee - don't reuse keys across services
- Never enable withdrawal permission - SignalBee never needs it
- Never enable Wallet Read-Write - Read-Only is sufficient
- Consider IP whitelisting for maximum security
- Never share your Secret Key via email, chat, or screenshots
- Store keys in a password manager (1Password, Bitwarden, etc.)
Ongoing Security
- Review your API keys periodically in Bybit - delete any you don't recognize
- Rotate API keys every 90 days as a security habit
- Monitor trade history on Bybit for any unauthorized activity
- Keep your email secure - it's used for Bybit account recovery
Security Note: Even with all these precautions, the most important protection is never enabling withdrawal permissions. Without this permission, your funds cannot be moved off the exchange even if everything else is compromised.
Related Resources
- API Key Best Practices - General API key security guidance
- Security Overview - How SignalBee protects your data
- Error Codes Reference - Common error messages explained