API FAQ

1. Where can I generate an API key?

Please refer to the API Key Creation Guide for a detailed, step-by-step walkthrough on generating your keys.

 

2. Do API keys expire? 

Toobit implements an expiration policy based on your security settings to protect your account. API keys created without IP restrictions will automatically expire every 90 days, requiring you to generate new ones to continue service. However, keys configured with a whitelist of trusted IP addresses (up to a maximum of 15 per key) do not expire. We strongly recommend using IP whitelisting to ensure both the security and uninterrupted stability of your integration.

 

3. Can I modify the permissions of an existing API key?

By default, all new API keys are created with read-only access. While you can enable "trade" (write) permissions during or after creation, this feature is restricted to traders who have completed advanced identity verification. Traders without advanced identity verification can only utilize read-only keys for market data and account monitoring.

4. Do I have to complete identity verification (KYC) to use the API?

The KYC requirement depends on your intended level of API access:

• Read-only access: KYC is not required.

• Read/write access: Traders must complete advanced KYC to enable trading and withdrawal permissions.

5. I am a Toobit affiliate. Do I have a specific API setup?

The initial API setup process is the same for all traders. You can generate your API keys via the API Management section of your account.

 

As a Toobit affiliate, you are entitled to exclusive endpoints and advanced reporting features not available to standard traders.

• To access full affiliate documentation: Please reach out directly to your dedicated Business Development (BD) representative.

• For technical integration support: Your BD rep can provide the specific endpoint URLs and authentication schemas required for affiliate-specific data.

6. I’ve lost my API Secret. What should I do? 

For your protection, your API Secret is only displayed once during the moment of creation and is hidden immediately thereafter. It cannot be retrieved if lost. If your secret is lost or compromised, you must:

Delete the old API key immediately in your API management settings.

Generate a new API key pair.

Update your applications with the new credentials.

7. What is the API endpoint base URL?

https://api.toobit.com

8. Does the API support WebSocket connections? 

Yes. We provide a WebSocket API for real-time data streams. Please refer to the WebSocket API Documentation for connection details and available streams.

     

9. Where can I find API error codes?

A comprehensive list of error codes can be found in our Error Codes Documentation.

 

10. Does Toobit provide a testnet/sandbox environment for API integration?

We currently do not offer a dedicated external testnet environment. However, you can safely test your API integration and trading logic using Demo Trading pairs on our production environment. This allows you to simulate trades without using real assets while using the same API architecture.

 

11. Does the API allow order placement based on USDT value, rather than the number of contracts, for futures trading?

Yes, the API supports both methods. You can place futures orders by specifying either the number of contracts or the USDT value (or both). See details here.

12. What are the API rate limits? 

The /api/v1/exchangeInfo rateLimits array contains objects related to the exchange's REQUEST_WEIGHT and ORDERS rate limits. See details here. 

13. What is the data format for requests and responses?

All endpoints return either a JSON object or a JSON array.