Every authenticated request to the Bullish Trading API requires a JWT bearer token in the Authorization header. Tokens are valid for 24 hours and are issued by the Bullish login endpoints. The exact endpoint and request format differ depending on whether you are using an ECDSA or HMAC API key.
The nonce used in the login request payload is an epoch timestamp in seconds. This login API nonce is entirely separate from — and has no connection to — the BX-NONCE header nonce used in orders and other authenticated API requests.

Using the Token
Once you have obtained a JWT token, include it in every authenticated request as a bearer token in the Authorization header.

Generating a JWT Token
- ECDSA API Key
- HMAC API Key
POST /trading-api/v2/users/login
To generate a JWT token using an ECDSA API key, send a POST request to /trading-api/v2/users/login with the following body:

Request body fields:

| Field | Description |
|---|---|
| publicKey | Your ECDSA public key. New line characters must be UNIX encoded (\n, not \r\n or \r). |
| userId | Your Bullish user ID, extracted by base64-decoding the metadata string of your ECDSA API key. |
| signature | A signed JSON string encoding of loginPayload. See the api-examples for how to compute this. |
| loginPayload.userId | Your Bullish user ID (same value as the top-level userId field). |
| loginPayload.nonce | Epoch timestamp in seconds. |
| loginPayload.expirationTime | Epoch timestamp in seconds, set to 5 minutes in the future. |
| loginPayload.biometricsUsed | Set to false. |
| loginPayload.sessionKey | Set to null. |
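
As an added example (not code from the Bullish api-examples repository), the Python below assembles the ECDSA login body from the field table and checks a body against the table's rules before it is sent. The decoded metadata layout (a JSON object with a userId key), the compact JSON serialization, and the caller-supplied `sign` function are assumptions; the actual signing is covered by the official sample script.

```python
import base64
import json
import time

LOGIN_TTL = 5 * 60  # expirationTime: 5 minutes in the future, in seconds

def user_id_from_metadata(metadata_b64):
    # Assumption: the decoded metadata is a JSON object with a "userId" key.
    return str(json.loads(base64.b64decode(metadata_b64))["userId"])

def build_login_body(public_key, metadata_b64, sign, now=None):
    """Build the ECDSA login body. `sign` is a caller-supplied function
    (hypothetical) that signs the JSON string of loginPayload."""
    now = int(time.time() if now is None else now)  # seconds, not ms
    user_id = user_id_from_metadata(metadata_b64)
    payload = {"userId": user_id, "nonce": now,
               "expirationTime": now + LOGIN_TTL,
               "biometricsUsed": False, "sessionKey": None}
    # Assumption: compact separators; sign exactly the string built here.
    signature = sign(json.dumps(payload, separators=(",", ":")))
    unix_key = public_key.replace("\r\n", "\n").replace("\r", "\n")
    return {"publicKey": unix_key, "userId": user_id,
            "signature": signature, "loginPayload": payload}

def check_login_body(body):
    """Return the field-table rules a body violates (empty list = OK)."""
    p, problems = body["loginPayload"], []
    if "\r" in body["publicKey"]:
        problems.append("publicKey has non-UNIX newlines")
    if body["userId"] != p["userId"]:
        problems.append("userId != loginPayload.userId")
    if p["nonce"] >= 10**11:  # epoch seconds stay below this for millennia
        problems.append("nonce looks like milliseconds")
    if p["expirationTime"] - p["nonce"] != LOGIN_TTL:
        problems.append("expirationTime is not nonce + 5 minutes")
    if p["biometricsUsed"] is not False or p["sessionKey"] is not None:
        problems.append("biometricsUsed/sessionKey must be false/null")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; the signer is a placeholder, not ECDSA.
    meta = base64.b64encode(b'{"userId": "1234567890"}').decode()
    pem = "-----BEGIN PUBLIC KEY-----\r\nAAAA\r\n-----END PUBLIC KEY-----\r\n"
    body = build_login_body(pem, meta, lambda s: "<signature>")
    print(json.dumps(body, indent=2), check_login_body(body))
```

Running `check_login_body` on a body built elsewhere catches the two mistakes the table warns about most directly: Windows line endings in the public key and a millisecond timestamp used as the nonce.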
The token value is your JWT bearer token. The authorizer value is used as the authorizer field in signed command payloads.

See the generate JWT (ECDSA) Python sample script for a complete implementation.

Logging Out
Users can manage their active sessions by explicitly logging out. Call GET /trading-api/v1/users/logout with the JWT token in the Authorization header to invalidate the session. This is recommended when a session is no longer needed.
Code Examples
Sample Python scripts for generating JWT tokens are available in the official api-examples repository:
- generate_jwt_ecdsa.py — ECDSA-based login
- generate_jwt_hmac.py — HMAC-based login
- get_trading_accounts.py — Fetching trading account IDs after login