These endpoints cover the full lifecycle of moving funds into and out of your Bullish Exchange custody account. You can retrieve deposit addresses for crypto and fiat, look up your whitelisted withdrawal destinations, and submit withdrawal requests. All endpoints require authentication via a bearer token, and the withdrawal submission endpoint additionally requires an ECDSA signature in the request header. All custody endpoints share a rate limit of 40 requests per IP, per minute across allDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/bullish-exchange/api-docs/llms.txt
Use this file to discover all available pages before exploring further.
/wallets/* routes.
Custody endpoints use a non-multiplied asset format for long-decimal assets. Where the Trading API uses
SHIB1M or PEPE1M, custody endpoints use the real-world symbols SHIB and PEPE. See the Bullish Help Centre for full details.- Crypto
- Fiat
GET /trading-api/v1/wallets/deposit-instructions/crypto/
Returns the on-chain deposit address (and optional memo or destination tag) for a given crypto asset. Send funds to the returned address on the correct network to credit your Bullish account.Request parameters
Bearer token generated with an ECDSA API key.Example:
Bearer <jwt_token>Crypto asset symbol in non-multiplied custody format.Example:
BTC, ETH, USDC, SHIBResponse fields
The response is an array of deposit instruction objects. Multiple entries may be returned when an asset is supported across more than one network.Network on which the deposit address is valid, e.g.
ETH, BTC, SOL.Asset symbol, e.g.
USDC, BTC, ETH.On-chain address to send funds to.Example:
0xb0a64d976972d87b0783eeb1ff88306cd1891f02Optional memo or destination tag required by certain networks (e.g. XRP, XLM). Include this value when sending funds or the deposit may not be credited.Example:
925891241Example request
Example response
GET /trading-api/v1/wallets/withdrawal-instructions/crypto/
Returns the list of whitelisted crypto withdrawal destinations for a given asset. Each entry includes the destination ID, network address, and the withdrawal fee that will be charged.All withdrawal addresses must be whitelisted via the Bullish website before any digital asset withdrawal can be processed. If you attempt a withdrawal to a non-whitelisted address, the request will fail.
Request parameters
Bearer token generated with an ECDSA API key.Example:
Bearer <jwt_token>Crypto asset symbol in non-multiplied custody format.Example:
BTC, ETH, USDCResponse fields
The response is an array of withdrawal instruction objects, one per whitelisted destination.Network for this withdrawal destination, e.g.
ETH, BTC.Asset symbol, e.g.
USDC, BTC.Whitelisted on-chain address.Example:
0xb0a64d976972d87b0783eeb1ff88306cd1891f02Withdrawal fee charged in units of the symbol (not smaller denominations).Example:
3.00Optional memo or destination tag that will be included in the on-chain transaction.Example:
MZAXEMRXAUser-provided descriptive label for this destination address.Example:
Our cold walletBullish-issued identifier for this whitelisted destination. Use this value in the
POST /wallets/withdrawal request body.Example: 1560ec0b406c0d909bb9f5f827dd6aa14a1f638884f33a2a3134878102e78038Example request
Example response
POST /trading-api/v1/wallets/withdrawal
Submits a withdrawal request for either crypto or fiat. The destination must already be whitelisted on the Bullish website. This endpoint requires both a bearer token and aBX-SIGNATURE header signed with your ECDSA private key.
Constructing the BX-SIGNATURE header
TheBX-SIGNATURE header is an ECDSA signature over a canonical string built from the request. To construct it:
-
Concatenate the following fields into a single string (no separators):
timestamp— current epoch milliseconds, e.g.1697008474031nonce— a UUID to protect against replay attacks, e.g.255241a1-2cde-4954-87b1-13beef547960request method— e.g.POSTrequest path— e.g./trading-api/v1/wallets/withdrawalrequest body JSON string— with all spaces and newline characters removed
-
Hash the concatenated string using SHA-256 and sign the hexdigest with your
PRIVATE_KEY. -
DER-encode the signature and then Base64-encode the DER-encoded result. This Base64 string is your
BX-SIGNATURE.
Request parameters
Bearer token generated with an ECDSA API key.Example:
Bearer <jwt_token>Base64-encoded DER-encoded ECDSA signature over the canonical request string. See construction steps above.
Request body
Current epoch time in milliseconds as a string.Example:
"1697008474031"A UUID withdrawal nonce to protect against replay attacks. It is recommended to reuse the same value as the nonce in the
BX-SIGNATURE header.Example: "255241a1-2cde-4954-87b1-13beef547960"JWT authorizer string obtained alongside your JWT token during the login flow.
The withdrawal command object.
Response fields
Human-readable description of the withdrawal status.Example:
Withdrawal acceptedNumeric status reason code. See the Error & Rejection Codes reference for the full list.Example:
1001Unique identifier for tracking this withdrawal in the transaction history.Example:
DB:9e6304a08c9cc2a33e6bc6429a088eae2a6b940c8e312aede3a3780257b9b979