Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/bullish-exchange/api-docs/llms.txt

Use this file to discover all available pages before exploring further.

Every authenticated request to the Bullish Trading API requires a JWT bearer token in the Authorization header. Tokens are valid for 24 hours and are issued by the Bullish login endpoints. The exact endpoint and request format differ depending on whether you are using an ECDSA or HMAC API key.
The nonce used in the login request payload is an epoch timestamp in seconds. This login API nonce is entirely separate from — and has no connection to — the BX-NONCE header nonce used in orders and other authenticated API requests.

Using the Token

Once you have obtained a JWT token, include it in every authenticated request as a bearer token:
Authorization: Bearer <JWT_TOKEN>
The token remains valid for 24 hours. After expiry you must log in again to obtain a new token.

Generating a JWT Token

POST /trading-api/v2/users/login

To generate a JWT token using an ECDSA API key, send a POST request to /trading-api/v2/users/login with the following body:Request body fields:
FieldDescription
publicKeyYour ECDSA public key. New line characters must be UNIX encoded (\n, not \r\n or \r).
userIdYour Bullish user ID, extracted by base64-decoding the metadata string of your ECDSA API key.
signatureA signed JSON string encoding of loginPayload. See the api-examples for how to compute this.
loginPayload.userIdYour Bullish user ID (same value as the top-level userId field).
loginPayload.nonceEpoch timestamp in seconds.
loginPayload.expirationTimeEpoch timestamp in seconds, set to 5 minutes in the future.
loginPayload.biometricsUsedSet to false.
loginPayload.sessionKeySet to null.
Request body:
{
  "publicKey": "<PUBLIC_KEY>",
  "signature": "<SIGNATURE>",
  "loginPayload": {
    "userId": "100008771",
    "nonce": 1638776636,
    "expirationTime": 1638776936,
    "biometricsUsed": false,
    "sessionKey": null
  }
}
Response:
{
  "authorizer": "<AUTHORIZER>",
  "token": "<JWT_TOKEN>"
}
The token value is your JWT bearer token. The authorizer value is used as the authorizer field in signed command payloads.See the generate JWT (ECDSA) Python sample script for a complete implementation.

Logging Out

Users can manage their active sessions by explicitly logging out. Call GET /trading-api/v1/users/logout with the JWT token in the Authorization header to invalidate the session. This is recommended when a session is no longer needed.

Code Examples

Sample Python scripts for generating JWT tokens are available in the official api-examples repository:

Build docs developers (and LLMs) love