Connecting a trading bot to Bybit takes less than 5 minutes — but most guides skip the security steps that matter most. This tutorial covers exactly what to click, which permissions to enable, and how to protect your account from the most common API security mistakes.

⚠️ Never enable Withdrawal permissions for a trading bot API key. There is no legitimate reason a bot needs to withdraw funds. If any platform asks for this, stop immediately.

What You Need Before You Start

Step-by-Step: Creating a Bybit API Key

1

Go to API Management

Log in to Bybit → click your avatar (top right) → Account & SecurityAPI Management. On the new Bybit EU site (bybit.eu), the path is the same.

2

Create New Key — choose System-Generated

Click Create New Key. Select System-generated API Key (not self-generated RSA — that's for institutional use). Give it a clear name like "Enliko Bot".

3

Set the right permissions

Enable exactly these and nothing else. See the permissions table below for what each one does.

PermissionEnable?Why
Read✓ YesFetch balances, positions, order history
Unified Trading✓ YesPlace and cancel orders on USDT perpetuals
Spot TradingOptionalOnly if you want spot trading automation
Withdraw✗ NeverNo trading bot ever needs this
Transfer✗ NoNot needed for order execution
Subaccount✗ NoOnly if managing multiple sub-accounts
4

Set IP whitelist (strongly recommended)

Enter the IP address of your trading platform's server. For Enliko, you can leave this blank on first setup and add it later — but adding a whitelist means the key only works from that specific IP, drastically reducing risk if the key is ever leaked.

5

Copy your API Key and Secret — store them safely

Bybit shows the API Secret only once. Copy both the API Key and the Secret, store them in a password manager (not a text file, not a screenshot). Then enter them in your trading platform.

✅ Done. Your API key is ready. It has no withdrawal permissions, can only trade futures, and optionally only works from your bot's IP.

Bybit Demo Account API — Test Without Risk

Bybit has a separate demo trading environment at demo.bybit.com with a dedicated API. This is different from the real account — it uses simulated funds but tracks real market prices.

To get a demo API key:

  1. Go to demo.bybit.com (separate login from your main account)
  2. Follow the exact same steps as above
  3. In Enliko, when adding your Bybit connection, select Demo account type
💡 Enliko supports both demo and real Bybit accounts simultaneously. You can run the same strategy on both — see how it performs in demo before letting it trade real funds.

Connecting to Enliko

Once you have your API key and secret:

  1. Open Enliko and log in
  2. Go to Settings → API Keys
  3. Click Add Bybit
  4. Paste your API Key and Secret
  5. Choose Real or Demo
  6. Click Save — Enliko will verify the connection immediately

That's it. Your strategies will now automatically route orders through your Bybit account.

Security Checklist Before Going Live

Common Errors and How to Fix Them

"Invalid API Key" error

The most common cause: you copied the API Key but not the Secret, or the Secret was truncated. API secrets are usually 48+ characters. Copy them fresh from Bybit's API management page (you may need to regenerate if you didn't save it).

"IP not in whitelist" error

Your bot is connecting from a different IP than the one you whitelisted. Update the whitelist in Bybit's API settings, or temporarily remove the IP restriction to test, then re-add it.

"Insufficient permissions" error

The key doesn't have Unified Trading enabled. Go back to Bybit API Management, find your key, click Edit, and enable the Unified Trading permission.

Ready to Automate Your Bybit Trading?

Connect your API key to Enliko and run strategies in demo mode for free. No coding required.

Connect Bybit Free
14-day free trial · Demo mode included · No credit card

Frequently Asked Questions

How do I create a Bybit API key for automated trading?

Go to Bybit → Account & Security → API Management → Create New Key → select System-generated → enable Read and Unified Trading permissions → save and copy the key and secret immediately.

Is it safe to connect a trading bot to my Bybit account?

Yes, with proper precautions: never enable withdrawal permissions, whitelist the bot's IP, use a dedicated sub-account with limited funds, and only use reputable platforms that encrypt your API keys.

Can I use one Bybit API key for multiple trading bots?

Technically yes, but not recommended — it makes it harder to revoke access if one bot is compromised. Create a separate API key per platform, so you can revoke them independently.

What happens if my Bybit API key is leaked?

If you followed security best practices (no withdrawal permission, IP whitelist, sub-account), the attacker can only trade — not withdraw. Go immediately to Bybit API Management and delete the compromised key, then generate a new one.