Here's a guide to walk you through the steps to integrate with the OAuth system as a broker. It consists of five (5) phases: pre-setup requirements, Bybit authorization, successful authorization redirection, token requests, and user information requests. Follow the steps below to ensure smooth integration.

Phase 1: Pre-setup Requirements

1. Bybit Account UID: Contact the Broker Management team to provide your Bybit account UID and obtain approval for OAuth integration.

2. Submit Broker Information: Once approved, visit Bybit OAuth Admin to submit your broker information.

Key Parameters for OAuth Configuration:

• App Homepage: The redirect URL where users will be sent after authorization. Ensure it's correct and matches the one provided during the pre-setup process.

• OpenAPI IP: This refers to the IPs that your OpenAPI is bound to. Incorrect information may prevent API use.

Response Parameters:

• client_id: Your unique broker ID.

• client_secret: Your secret key.

Phase 2: Bybit Authorization Procedure

To authorize users through Bybit, you must direct them to Bybit's OAuth page, typically through a pop-up window, for login verification and authorization.

Authorization Page Details:

• URL:

  • Mainnet: Bybit OAuth

  • Testnet: Bybit Testnet OAuth

• METHOD: GET

• Required Parameters:

  • client_id: Your unique broker ID.

  • response_type: 'code' for authorization via code (recommended), or 'token' for authorization via token.

  • scope: Permission range for this authorization (e.g., 'openapi, openapai').

  • state: Optional status indicator, the same value will be returned by Bybit server.

  • redirect_uri: URL for redirection after authorization (must match the one provided during creation).

Authorization Outcomes:

• Success: The user is redirected back to your platform with a 302 HTTP status code.

• Failure or Cancellation: The pop-up remains on the Bybit page.

Phase 3: Redirection After Successful Authorization (Code Mode)

After successful authorization, you are redirected to your platform with the authorization code.

Redirection Details:

• URL: Redirect URI provided during setup.

• METHOD: GET

• HTTP Status: 302 Found

• Required Parameters:

  • client_id: Your unique broker ID.

  • code: The authorization code.

If you cancel the verification process, the redirection will still occur. However, this will not be the case if you close the pop-up window.

Phase 4: Requesting Authorization Token

This phase involves requesting the authorization token using the authorization code.

Token Request Details:

• URL:

  • Mainnet: Bybit Access Token

  • Testnet: Bybit Testnet Access Token

• METHOD: POST (form data)

• Parameters:

  • client_id: Your unique broker ID.

  • client_secret: Your secret key.

  • code: The authorization code obtained from Phase 3.

Phase 5: Requesting User Information

After obtaining an access token, you can request user information, including Bybit UID and OpenAPI details.

Requesting Bybit UID:

• URL: /oauth/v1/resource/restrict/uid_bearer

• METHOD: GET

• Request Headers: Authorization: Bearer <access_token>

• Expected Response: JSON with ret_code = 0 and ret_msg = "success", indicating success.

Requesting OpenAPI Key and Secret:

• URL: /oauth/v1/resource/restrict/openapi

• METHOD: GET

• Request Headers: Authorization: Bearer <access_token>

• Expected Response: JSON with api_key and api_secret.