Updated: 2026-02-14

How to Create a Bybit API Key

Create a read-only API key in Bybit to connect your perpetual, spot, and options trades to Tiltless. This guide covers key creation, permission scoping, IP binding, and security best practices.

Create Your API Key

Log in to your Bybit account and navigate to Account & Security > API Management. Click 'Create New Key' and choose 'System-generated API Keys.'

Bybit will ask you to complete two-factor authentication before the key is created. Label the key descriptively (e.g., 'Tiltless Read-Only') so you can identify it later.

  • Open Account & Security > API Management in Bybit
  • Click 'Create New Key' and select 'System-generated API Keys'
  • Complete two-factor authentication when prompted
  • Label the key (e.g., 'Tiltless Read-Only')

Set Read-Only Permissions

Bybit offers 'Read-Only' and 'Read-Write' permission levels. Select 'Read-Only.' A read-only key can access trade history, order data, and position information, but it cannot execute trades or move funds.

Read-only is the only permission scope Tiltless requires. There is no reason for a trading journal to have write access to your exchange account.

  • Select: 'Read-Only' — access to trade history and account data
  • Do not select: 'Read-Write' — Tiltless does not place orders
  • Leave all trading, withdrawal, and transfer permissions disabled

Bind to Trusted IPs

Bybit allows you to bind API keys to specific IP addresses. This is optional but recommended — it ensures the key only works from approved addresses.

If you skip IP binding, the key works from any IP address. For a read-only key this is low risk, because the key cannot trade or move funds, but IP binding adds defense in depth.

Copy and Store Your Credentials

After creating the key, Bybit shows your API key and API secret. Copy both values immediately — Bybit will not show the secret again after you leave this page.

Paste the key and secret into Tiltless under your integration settings. Tiltless encrypts both values at rest.

  • Copy the API key (public identifier)
  • Copy the API secret (shown only once — save it now)
  • Paste both into Tiltless to complete the connection

Security Best Practices

API keys are credentials. Treat them with the same care as a password.

  • Never share your API secret outside of trusted integrations
  • Use read-only permissions — a journal should never have trade execution access
  • Enable IP binding to limit where the key can be used
  • Revoke and replace any key you suspect has been compromised
  • Rotate keys periodically — delete the old key and create a fresh one
  • Do not store API secrets in plain text, screenshots, or shared documents

Troubleshooting

If your connection fails after entering credentials, check these common issues.

  • Verify the API secret was copied completely — it is long and easy to truncate
  • Confirm 'Read-Only' permission is selected in API Management
  • Check IP binding settings if the key is IP-locked
  • Ensure the key has not expired or been revoked
  • Try creating a new key if the existing one continues to fail
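
The settings this guide asks you to confirm (read-only scope, no wallet permissions, IP binding, expiry) can also be checked from the key's own metadata. The following is an added example, not Tiltless or Bybit code: it audits a constructed sample shaped like the result of Bybit's V5 'GET /v5/user/query-api' endpoint. The field names (readOnly, ips, permissions, expiredAt), their encodings, and the function name audit_key are assumptions to verify against the current API reference.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the "result" object returned by Bybit's
# V5 endpoint GET /v5/user/query-api. Field names are assumptions taken
# from the V5 API reference, not from this guide.
SAMPLE = json.loads("""{
  "note": "Tiltless Read-Only",
  "readOnly": 1,
  "ips": ["*"],
  "permissions": {"ContractTrade": ["Order", "Position"], "Spot": [], "Wallet": []},
  "expiredAt": "2026-03-01T00:00:00Z"
}""")

def audit_key(result, now=None, warn_days=14):
    """Compare one key description against this guide's recommendations."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Assumed encoding: readOnly 1 = Read-Only, 0 = Read-Write.
    if result.get("readOnly") != 1:
        findings.append("not read-only: recreate the key as Read-Only")
    # Wallet scopes cover transfers and withdrawals; the guide says to leave them off.
    if (result.get("permissions") or {}).get("Wallet"):
        findings.append("wallet permissions granted: disable them")
    # Assumed convention: an unbound key lists "*" (or nothing) under ips.
    ips = result.get("ips") or ["*"]
    if "*" in ips:
        findings.append("no IP binding: key works from any address")
    expires = result.get("expiredAt")
    if expires:
        when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if when.year > 1970:  # assumption: a zero-value timestamp means "no expiry"
            if when <= now:
                findings.append("expired: create a new key")
            elif when - now <= timedelta(days=warn_days):
                findings.append("expires within %d days: plan rotation" % warn_days)
    return findings

if __name__ == "__main__":
    for finding in audit_key(SAMPLE):
        print("-", finding)
```

An empty list means the key matches the guide's recommendations; the API secret is never part of the audited data and should not be logged alongside it.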

FAQ

Where do I find API settings in Bybit?

Go to Account & Security > API Management in your Bybit account. You can also access it from the profile menu under API.

What permissions should I enable?

Select 'Read-Only' when creating the key. Do not enable 'Read-Write' or any trading, withdrawal, or transfer permissions. Tiltless only reads trade history.

Does one API key work for Unified Trading Account and Classic Account?

Yes. A single Bybit API key covers all product types within your account structure — whether you use UTA or Classic Account mode.

Is it safe to share my Bybit API key with Tiltless?

Yes, when scoped to read-only. A read-only key cannot execute trades, transfer funds, or modify your account. Tiltless encrypts your credentials at rest.

What if my API key is leaked?

Revoke it immediately in Bybit under API Management. A read-only key cannot move funds, but you should still revoke and replace any compromised credential. Create a new key and update it in Tiltless.

Can I restrict the API key to specific IP addresses?

Yes. Bybit supports IP binding for API keys. Adding your IP address provides an extra layer of security — the key only works from approved addresses.

How do I revoke a Bybit API key?

Go to Account & Security > API Management, find the key, and delete it. The key stops working immediately. Tiltless retains imported data but stops syncing.

Does the API key expire?

Bybit API keys can be set with or without an expiration. For ongoing sync with Tiltless, create a key without expiration or set a long duration and rotate it periodically.

Connect Bybit and start reviewing trades

Paste your read-only API key into Tiltless and your trades sync automatically. Under two minutes to set up.
