Holdix
FeaturesSecurityLearnFAQ
Sign In
Get Started
LearnHow to create Bybit API keys
Connections

How to create Bybit API keys

Create a read-only Bybit API key with the correct permissions to connect your account.

Overview

Connecting Bybit requires a read-only API key. Holdix only ever reads your balances — it never places orders, withdraws funds, or performs any write operations. You should always use the most restrictive permissions possible.

Step 1 — Open API Management

Log in to Bybit and go to: Account & Security → API Management → Create New Key Choose "System-generated API Keys" when prompted.

Step 2 — Set key type to Read-Only

On the permissions screen, set the API key type to "Read-Only". This is the most important step — it prevents the key from ever being used to trade or withdraw, even if it were compromised.

Step 3 — Enable the right permissions

Under "Unified Trading", enable Read access. That's the only permission required. Do NOT enable: — Trade (order placement) — Withdrawal — Account Transfer — Sub-account Transfer Leave everything else unchecked.

Understanding Bybit permission scopes

Bybit splits permissions across two namespaces that are easy to confuse: "Assets" permission — covers cross-account operations under /v5/asset/: deposit history, withdrawals, and transfers between sub-accounts. This is NOT what we need. "Unified Trade" read — covers single-account data under /v5/account/: wallet balances, positions, and trade history. This IS what we need. If you enable only "Assets" and not "Unified Trade", the connection will fail with error 10005 (Permission denied) because the wallet balance endpoint lives under /v5/account/, not /v5/asset/.

Step 4 — IP restriction (optional but recommended)

For extra security, you can restrict the API key to specific IP addresses. If you're running Holdix on a fixed server or VPN, add its IP here. Leave unrestricted if you access the app from multiple locations.

Step 5 — Save your credentials

Copy both the API Key and API Secret immediately after creation — Bybit only shows the secret once. Paste them into the "Connect Exchange" dialog in Holdix. Your credentials are encrypted with AES-256-GCM before being stored. The plaintext values are never saved.

Troubleshooting error 10005

Error 10005 means the API key is missing a required permission. The most common causes: 1. Only "Assets" was enabled, but "Unified Trade" read was not. 2. The key was created as read-write but with no permissions checked — read-write alone is not enough. 3. The key was created for a sub-account but is being used against the main account endpoint. Fix: regenerate the key and ensure "Unified Trade → Read" is enabled.

PreviousHow to create OKX API keysNextHow to create WhiteBIT API keys

Related Articles

How to create Binance API keys

Create a read-only Binance API key to connect your account securely.

How to create OKX API keys

Create a read-only OKX API key with a passphrase to connect your account.

How to create WhiteBIT API keys

Create a read-only WhiteBIT API key with the correct permissions to connect your account.

Ready to Try Holdix?

Track your portfolio, set rebalancing targets, and generate reports — completely free.

Get Started Free
Try the Demo
Holdix

Your individual portrait of personal finances.

Product

  • Dashboard
  • Features
  • Security
  • Learn Center

Company

  • About
  • Contact
  • Changelog

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy

© 2026 Holdix. All rights reserved.