Connecting a trading bot to Bybit takes less than 5 minutes — but most guides skip the security steps that matter most. This tutorial covers exactly what to click, which permissions to enable, and how to protect your account from the most common API security mistakes.
What You Need Before You Start
- A verified Bybit account (KYC completed)
- Funds in your Unified Trading Account
- A trading platform like Enliko that accepts Bybit API keys
Step-by-Step: Creating a Bybit API Key
Go to API Management
Log in to Bybit → click your avatar (top right) → Account & Security → API Management. On the new Bybit EU site (bybit.eu), the path is the same.
Create New Key — choose System-Generated
Click Create New Key. Select System-generated API Key (not self-generated RSA — that's for institutional use). Give it a clear name like "Enliko Bot".
Set the right permissions
Enable exactly these and nothing else. See the permissions table below for what each one does.
| Permission | Enable? | Why |
|---|---|---|
| Read | ✓ Yes | Fetch balances, positions, order history |
| Unified Trading | ✓ Yes | Place and cancel orders on USDT perpetuals |
| Spot Trading | Optional | Only if you want spot trading automation |
| Withdraw | ✗ Never | No trading bot ever needs this |
| Transfer | ✗ No | Not needed for order execution |
| Subaccount | ✗ No | Only if managing multiple sub-accounts |
Set IP whitelist (strongly recommended)
Enter the IP address of your trading platform's server. For Enliko, you can leave this blank on first setup and add it later — but adding a whitelist means the key only works from that specific IP, drastically reducing risk if the key is ever leaked.
Copy your API Key and Secret — store them safely
Bybit shows the API Secret only once. Copy both the API Key and the Secret, store them in a password manager (not a text file, not a screenshot). Then enter them in your trading platform.
Bybit Demo Account API — Test Without Risk
Bybit has a separate demo trading environment at demo.bybit.com with a dedicated API. This is different from the real account — it uses simulated funds but tracks real market prices.
To get a demo API key:
- Go to demo.bybit.com (separate login from your main account)
- Follow the exact same steps as above
- In Enliko, when adding your Bybit connection, select Demo account type
Connecting to Enliko
Once you have your API key and secret:
- Open Enliko and log in
- Go to Settings → API Keys
- Click Add Bybit
- Paste your API Key and Secret
- Choose Real or Demo
- Click Save — Enliko will verify the connection immediately
That's it. Your strategies will now automatically route orders through your Bybit account.
Security Checklist Before Going Live
- ✅ No withdrawal permissions on the API key
- ✅ IP whitelist set (or noted as a to-do)
- ✅ API secret stored in a password manager, not plain text
- ✅ Using a sub-account with limited funds for the bot
- ✅ 2FA enabled on your main Bybit account
- ✅ Tested with demo account first before using real funds
Common Errors and How to Fix Them
"Invalid API Key" error
The most common cause: you copied the API Key but not the Secret, or the Secret was truncated. API secrets are usually 48+ characters. Copy them fresh from Bybit's API management page (you may need to regenerate if you didn't save it).
"IP not in whitelist" error
Your bot is connecting from a different IP than the one you whitelisted. Update the whitelist in Bybit's API settings, or temporarily remove the IP restriction to test, then re-add it.
"Insufficient permissions" error
The key doesn't have Unified Trading enabled. Go back to Bybit API Management, find your key, click Edit, and enable the Unified Trading permission.
Ready to Automate Your Bybit Trading?
Connect your API key to Enliko and run strategies in demo mode for free. No coding required.
Connect Bybit FreeFrequently Asked Questions
How do I create a Bybit API key for automated trading?
Go to Bybit → Account & Security → API Management → Create New Key → select System-generated → enable Read and Unified Trading permissions → save and copy the key and secret immediately.
Is it safe to connect a trading bot to my Bybit account?
Yes, with proper precautions: never enable withdrawal permissions, whitelist the bot's IP, use a dedicated sub-account with limited funds, and only use reputable platforms that encrypt your API keys.
Can I use one Bybit API key for multiple trading bots?
Technically yes, but not recommended — it makes it harder to revoke access if one bot is compromised. Create a separate API key per platform, so you can revoke them independently.
What happens if my Bybit API key is leaked?
If you followed security best practices (no withdrawal permission, IP whitelist, sub-account), the attacker can only trade — not withdraw. Go immediately to Bybit API Management and delete the compromised key, then generate a new one.