All requests to the By Bits API endpoints need to be authenticated. By Bits provides two forms of authentication, one for development and programmatic services, and the other for policyholder authentication within the App.

Developer authentication

Developer authentication uses API keys to authenticate requests. API keys are allocated when you sign up to By Bits, and you can view and manage them in the By Bits admin console. This authentication will be used for your core API interactions, and uses /auth/keys.

To authenticate requests for core API interactions, your client_id and client_secret keys need to be added to the headers of the requests, along with the environment (production or sandbox). If no environment is given, it will default to sandbox.

Remember, you should never share your keys publicly.

{
    "url": "https://api.bybits.co.uk/policys/100",
    "headers": {
        "client_secret": "11111-22222-33333-44444",
        "client_id": "11111-22222-33333-44444",
        "environment": "sandbox"
    },
    "method": "GET"
}

Policyholder authentication

Policyholder authentication uses OAuth to authenticate requests via username and password. This type of authentication will only return data for the authenticated policyholder. This is used to provide login functionality on mobile or web applications, and uses /auth/token.

The policyholder APIs use token-based authentication where a bearer token is scoped to return information about only one policy. This token needs to be added to the headers of the API requests, along with the environment (production or sandbox). If no environment is given, it will default to sandbox.

This token will expire after 24 hours and can be used publicly.

{
    "url": "https://api.bybits.co.uk/policys/100",
    "headers": {
        "authorization": "Bearer adbce-23456-fghij-78901",
        "environment": "sandbox"
    },
    "method": "GET"
}
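
The following is an added example, not By Bits code: a small Python helper that builds the two header sets shown above, keeps the developer keys out of source code, refuses to fall back silently to the sandbox default, and masks credentials before headers are logged. The variable names BYBITS_CLIENT_ID and BYBITS_CLIENT_SECRET, and the idea that the caller records when /auth/token issued the token, are assumptions.

```python
import time
from dataclasses import dataclass

ENVIRONMENTS = {"production", "sandbox"}
TOKEN_LIFETIME_S = 24 * 60 * 60  # page: policyholder tokens expire after 24 hours
SENSITIVE = {"client_secret", "authorization"}


def _check_env(environment):
    # The API defaults to sandbox when the header is missing, so require it explicitly.
    if environment not in ENVIRONMENTS:
        raise ValueError(f"environment must be one of {sorted(ENVIRONMENTS)}")
    return environment


def developer_headers(env, environment):
    """Build developer-auth headers from an environment mapping (e.g. os.environ)."""
    try:
        # BYBITS_CLIENT_ID / BYBITS_CLIENT_SECRET are assumed variable names.
        cid, secret = env["BYBITS_CLIENT_ID"], env["BYBITS_CLIENT_SECRET"]
    except KeyError as missing:
        raise RuntimeError(f"missing credential variable {missing}") from None
    return {"client_id": cid, "client_secret": secret,
            "environment": _check_env(environment)}


@dataclass(frozen=True)
class PolicyholderToken:
    value: str
    issued_at: float  # assumption: caller records time.time() when /auth/token replied

    def expired(self, now=None):
        now = time.time() if now is None else now
        return now - self.issued_at >= TOKEN_LIFETIME_S

    def headers(self, environment, now=None):
        if self.expired(now):
            raise RuntimeError("token older than 24 hours; re-authenticate")
        return {"authorization": f"Bearer {self.value}",
                "environment": _check_env(environment)}


def redact(headers):
    """Copy of headers that is safe to log: credential values are masked."""
    return {k: "***" if k.lower() in SENSITIVE else v for k, v in headers.items()}
```

Pass os.environ as env in real use, and log only the output of redact(), never the raw header dictionary.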