The bybit-api SDK is primarily designed for Node.js, but it can be used in browser-based projects through two approaches. The direct import method is the modern approach, suitable for TypeScript and React projects that use a bundler such as Vite or webpack 5. The webpack bundle method produces a pre-built UMD file you can include with a <script> tag on any webpage.
Never embed live API keys or secrets in client-side browser code. Any user who inspects your JavaScript bundle or network traffic can read them. Use a server-side proxy for all private authenticated endpoints, and only use the browser client for public market data.

Approach 1: Direct Import (Modern)

This approach lets you import bybit-api directly into a TypeScript or JavaScript frontend project. A Node.js stream polyfill is required because the SDK has a transitive dependency on the Node.js stream module, which is not available natively in browsers.
1. Install the stream polyfill

npm install stream-browserify

2. Configure tsconfig.json path mapping

Add a paths entry to your tsconfig.json so the TypeScript compiler and your bundler resolve stream to the browser-compatible polyfill:

{
  "compilerOptions": {
    "paths": {
      "stream": [
        "./node_modules/stream-browserify"
      ]
    }
  }
}

3. Add the global polyfill

Browsers do not define a global variable the way Node.js does. Declare it in your application’s entry point or polyfills file (for example polyfills.ts in Angular, or the top of main.ts/index.ts in other frameworks):

(window as any).global = window;

4. Import and use the client

With the polyfill in place, import bybit-api exactly as you would in Node.js:

import { RestClientV5, WebsocketClient } from 'bybit-api';

// Public REST call — no credentials needed
const client = new RestClientV5();

const orderbook = await client.getOrderbook({
  category: 'linear',
  symbol: 'BTCUSDT',
});

console.log('Orderbook:', orderbook.result);
The https.Agent-based keep-alive feature (keepAlive: true) is Node.js-only and is automatically excluded from browser builds via the webpack fallback configuration in the SDK. Browser connection pooling is handled natively by the browser.

Approach 2: Webpack Bundle (Legacy)

This is the traditional way to use bybit-api on a webpage without a module bundler in the frontend project. The SDK repository includes a webpack configuration that produces a minified UMD bundle.
1. Clone the repository and install dependencies

git clone https://github.com/tiagosiebler/bybit-api.git
cd bybit-api
npm install

2. Build the TypeScript source

npm run build

3. Bundle with webpack

npm run pack

The output file bybitapi.js (and its source map) will be written to the dist/ directory at the root of the repository.

4. Include the bundle in your HTML

<script src="dist/bybitapi.js"></script>
<script>
  // The UMD bundle exposes the library under the global 'bybitapi' name
  const client = new bybitapi.RestClientV5();

  client.getOrderbook({ category: 'linear', symbol: 'BTCUSDT' })
    .then(result => console.log('Orderbook:', result))
    .catch(err => console.error('Error:', err));
</script>
The webpack configuration targets UMD (libraryTarget: 'umd'), which means the bundle works as a <script> tag include, a CommonJS require(), or an AMD define() module.

What the webpack config excludes

The SDK’s webpack configuration explicitly disables the Node.js http and https modules via the resolve.fallback option:
fallback: {
  "http": false,
  "https": false,
}
This means the keepAlive option (which uses https.Agent) is not available in the webpack bundle. All other REST and WebSocket features work as normal.

Security Considerations

Use a proxy server for private endpoints

Route any request that requires API credentials through a backend server you control. Your server holds the API key and secret, signs the request, and forwards it to Bybit. The browser only ever communicates with your own server.
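
One way to build the proxy described above, as an added example that is not part of the bybit-api project: an allow-list handler that maps each browser-facing route to a single SDK call and validates parameters before the server signs anything. The route paths, the environment variable names, and the assumption that your own middleware has already authenticated the user's session are illustrative choices, not from the original page.

```javascript
// Added example, not bybit-api project code. Route paths and env var names are hypothetical.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Each browser-facing route maps to exactly one SDK call. Anything not listed
// is refused, so the browser cannot reach order placement or arbitrary paths.
const ROUTES = {
  '/api/balance': {
    params: { accountType: ['UNIFIED'] },
    call: (client, p) => client.getWalletBalance(p),
  },
  '/api/positions': {
    params: { category: ['linear', 'inverse'], symbol: /^[A-Z0-9]{4,20}$/ },
    call: (client, p) => client.getPositionInfo(p),
  },
};

// Return a clean params object, or null if any key is unknown, missing or invalid.
function validate(spec, query) {
  if (Object.keys(query).some((key) => !has(spec, key))) return null;
  const clean = {};
  for (const [key, rule] of Object.entries(spec)) {
    const v = query[key];
    const ok = typeof v === 'string' && (Array.isArray(rule) ? rule.includes(v) : rule.test(v));
    if (!ok) return null;
    clean[key] = v;
  }
  return clean;
}

// Framework-agnostic handler: returns { status, body } for the browser.
async function handleProxyRequest({ method, path, query }, client) {
  if (method !== 'GET' || !has(ROUTES, path)) return { status: 404, body: { error: 'not found' } };
  const params = validate(ROUTES[path].params, query || {});
  if (!params) return { status: 400, body: { error: 'invalid parameters' } };
  try {
    const res = await ROUTES[path].call(client, params);
    if (res.retCode !== 0) throw new Error(`retCode ${res.retCode}`);
    return { status: 200, body: res.result };
  } catch (err) {
    console.error('upstream error:', err.message); // details stay in server logs
    return { status: 502, body: { error: 'upstream error' } };
  }
}

// Server-side wiring: the key and secret come from the server environment only.
async function createClient() {
  const { RestClientV5 } = await import('bybit-api');
  return new RestClientV5({ key: process.env.BYBIT_API_KEY, secret: process.env.BYBIT_API_SECRET });
}
```

Call handleProxyRequest from whatever HTTP framework you use, passing it the client returned by createClient().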

Public endpoints are safe to call directly

Endpoints that do not require authentication — such as market data, orderbooks, and klines — can be called directly from the browser without exposing credentials.

Restrict API key permissions and IPs

If you must use credentials in a browser context during development or testing, create a dedicated API key with minimal permissions and IP restrictions. Revoke it as soon as it is no longer needed.
