A Complete Step-by-Step Guide for Beginners
If Bybit is your exchange of choice — great. Bybit is one of the most popular cryptocurrency exchanges in the world, known for its clean interface, strong liquidity, and excellent API support for trading bots.
This guide will walk you through the entire process of creating an API key on Bybit and connecting it to your BitcoinEra bot — safely and correctly, from start to finish.
If you haven’t read our explanation of what API keys are and why they’re safe, we recommend starting with our [Binance API guide →] which covers all the foundational concepts. This guide focuses specifically on the Bybit interface and its unique settings.
What Makes Bybit Different From Binance
Before we dive in, it’s worth noting a few things that are specific to Bybit:
- Bybit has a slightly different API management interface than Binance
- Bybit separates permissions more granularly — you’ll have more specific options to configure
- Bybit allows you to create Unified Trading Account API keys or Standard keys depending on your account type
- Bybit’s API key system is straightforward and beginner-friendly once you know where to look
Everything else — the core concepts, the security principles, the golden rules — are identical to what we covered in the Binance guide.
Before You Start — What You’ll Need
- ✅ A verified Bybit account (identity verification completed)
- ✅ Two-Factor Authentication (2FA) enabled on your Bybit account
- ✅ A BitcoinEra account with a bot selected and ready to connect
- ✅ About 10 minutes of uninterrupted time
💡 Don’t have a Bybit account yet? Go to bybit.com and complete the registration and KYC (identity verification) process first. This is required before API keys can be created.
The Golden Rules — Read Before You Touch Anything
These apply to every exchange, every bot, every time:
🔒 Never enable withdrawal permissions on any trading bot API key
🔒 Never share your API Key or Secret Key with anyone
🔒 Create a separate API key for each bot you run
🔒 If you suspect an API key has been compromised — delete it immediately
Step-by-Step: Creating Your Bybit API Key
Step 1 — Log In to Your Bybit Account
Go to bybit.com and log in using your email and password. Complete your 2FA verification when prompted.
Make sure you’re logging into the correct account — especially if you have both a personal and a sub-account on Bybit.
Step 2 — Navigate to API Management
Once logged in, look for your profile icon or avatar in the top right corner of the screen. Click on it to open the account dropdown menu.
From the dropdown menu, look for “Account & Security” and click on it.
On the Account & Security page, look for the “API” section in the left-hand sidebar or scroll down until you find the “API Management” section.
Alternatively, you can go directly to: bybit.com/app/user/api-management
Step 3 — Click “Create New Key”
On the API Management page you’ll see a button labelled “Create New Key”. Click it.
Bybit will present you with a choice of key type. You’ll typically see:
- System-generated API Key — Bybit generates the credentials for you
- Self-generated API Key — you provide your own public key (for advanced developers only)
Select “System-generated API Key” and proceed.
Step 4 — Choose the API Key Usage Type
This is a step unique to Bybit. You’ll be asked what this API key will be used for:
- API Transaction — for trading bots and automated trading systems
- Third-party application — for connecting to external platforms
Select “API Transaction” — this is the correct option for connecting a trading bot through BitcoinEra.
Step 5 — Name Your API Key
Give your API key a clear, descriptive name. As with Binance, this label is just for your own reference — it helps you identify which key belongs to which bot.
Good naming examples:
BitcoinEra_TrendRiderGridBot_Bybit_2024BitcoinEra_Bot1
Choose something you’ll recognize immediately if you come back to this page weeks or months later.
Step 6 — Set the API Key Permissions
This is the most important part of the entire process. Bybit gives you granular control over exactly what your API key can do.
Here’s exactly what to enable and what to leave disabled:
✅ Enable these permissions:
- Read — allows the bot to view your account balance, positions and trade history
- Spot Trading — allows the bot to place and cancel spot market orders
❌ Leave these disabled:
- Derivatives Trading — only enable if your specific bot is designed for futures/derivatives and you fully understand what that means
- Copy Trading — not needed for bot trading
- Earn — not needed
- NFT — not needed
- Exchange — not needed
- Withdrawals — NEVER enable this under any circumstances
🔒 Withdrawal permission disabled = your funds cannot leave your exchange account through the API. This is non-negotiable.
Step 7 — Set IP Restriction (Recommended)
Just like Binance, Bybit allows you to restrict your API key to specific IP addresses. This means the key can only be used from an approved location — adding a powerful extra layer of security.
You’ll see an option for “IP Access Restriction” with two choices:
- No restriction — the API key can be used from any IP address
- Restrict to specific IPs — the key only works from IP addresses you approve
If your bot runs from a dedicated server with a fixed IP address: Select “Restrict to specific IPs” and enter that server’s IP address. This is the most secure option.
If your bot runs from your home computer or a location with a changing IP address: Select “No restriction” for now — but consider upgrading to a fixed IP setup in the future.
Step 8 — Complete Security Verification
Bybit will ask you to verify your identity before the API key is created. You’ll need to complete:
- Email verification — a 6-digit code sent to your registered email
- Google Authenticator / 2FA verification — a code from your authenticator app
Enter both codes and confirm.
Step 9 — Save Your API Key and Secret Key Immediately
After verification, Bybit will display your newly created credentials:
API Key — a long alphanumeric string Secret Key — another long alphanumeric string
⚠️ CRITICAL: The Secret Key is displayed ONLY ONCE. It cannot be recovered or viewed again after you close this screen.
Do the following right now — before you do anything else:
- Copy the Secret Key
- Open your password manager (Bitwarden, 1Password, etc.) or a secure notes app
- Paste both the API Key and Secret Key there with a clear label
- Double-check that both are saved correctly
- Only then close or proceed past this screen
If you lose the Secret Key, your only option is to delete this API key and create a completely new one.
Step 10 — Connect Your Bybit API Key to BitcoinEra
With your credentials saved, it’s time to connect them to your bot on BitcoinEra.
Here’s how:
- Log in to your BitcoinEra dashboard
- Go to the bot you’ve selected from the catalog
- Click “Connect Exchange” or “Add API Key”
- Select Bybit from the exchange dropdown menu
- Paste your API Key into the first field
- Paste your Secret Key into the second field
- Click “Connect” or “Save”
BitcoinEra will immediately attempt to verify the connection by reading your Bybit account balance. If everything is configured correctly, you’ll see a green confirmation and your balance will appear in the dashboard.
Verifying That the Connection Is Working
After connecting, check the following:
In your BitcoinEra dashboard:
- Your Bybit balance is visible and correct
- The bot status shows as “Connected” or “Active”
- No error messages are displayed
In your Bybit API Management page:
- The API key shows recent activity in the timestamp column
- No unexpected access attempts are visible
Troubleshooting Common Bybit API Errors
“Authentication failed” or “Invalid API Key”
- Make sure you copied both the API Key and Secret Key without any extra spaces
- Verify that the key was created as “API Transaction” type
- Check that “Spot Trading” permission is enabled on the key
- Try deleting the key and creating a new one if the issue persists
“Insufficient permissions” error
- Go back to Bybit API Management
- Click on your API key to edit it
- Make sure “Spot Trading” is checked
- Save and reconnect
“IP address not authorized” error
- You’ve enabled IP restriction but the bot’s server IP isn’t on the approved list
- Go to API Management, edit the key, and add the correct IP address
- Or temporarily remove the IP restriction if you’re still testing
Secret Key is lost or forgotten
- There is no way to recover a lost Secret Key on Bybit
- Go to API Management and delete the existing key
- Create a brand new key following this guide from Step 3
- Reconnect the new key in your BitcoinEra dashboard
“This API key does not support Unified Trading Account”
- If your Bybit account is a Unified Trading Account, you may need to specifically enable unified account permissions when creating the key
- Look for a “Unified Account” toggle when setting permissions and enable it alongside Spot Trading
How to Delete a Bybit API Key
If you want to disconnect a bot permanently or rotate your API keys for security reasons:
- Go to bybit.com/app/user/api-management
- Find the API key you want to remove
- Click the “Delete” button next to it
- Complete the security verification (email + 2FA)
- The key is immediately invalidated
Your Bybit account and funds are completely unaffected. The bot simply loses the ability to place trades — nothing is cancelled, nothing is withdrawn.
Quick Reference — Correct Bybit API Permissions
| Permission | Should Be Enabled? |
|---|---|
| Read | ✅ Yes |
| Spot Trading | ✅ Yes |
| Derivatives Trading | ⚠️ Only if bot requires it |
| Copy Trading | ❌ No |
| Earn | ❌ No |
| Withdrawals | ❌ Never |
| Exchange | ❌ No |
Summary
Here’s everything we covered:
- What makes Bybit’s API system unique compared to other exchanges
- How to navigate to Bybit’s API Management page
- How to create a System-generated API key
- How to select the correct usage type — API Transaction
- Which permissions to enable and which to never touch
- How to save your Secret Key safely before closing the screen
- How to connect your Bybit API key to BitcoinEra
- How to troubleshoot the most common connection errors
⚠️ Risk Disclaimer: Trading cryptocurrencies involves significant risk of financial loss. Never enable withdrawal permissions on any API key connected to a trading bot. Past performance of any trading bot does not guarantee future results. Never invest more than you can afford to lose.
