Skip to main content

Can I withdraw through the API without an OTP Token?

  • Updated

Address Book entries can now allow API initiated withdrawals to skip providing a otpToken

Historically we have required a 2fa code to be present on all API withdrawal requests, which for customers wishing to fully automate withdrawals has required the TOTP secret to be embedded in systems that otherwise would not require it. In order to improve this situation, it is now possible to add an Address Book entry with the checkbox “Skip two-factor authentication” checked:

  

This will show as Skip2FA “Pending” in the Address Book. 

Once created, an email is sent to the user with a unique link to one-time approve the addition of the address.

 

After approval, the API /user/requestWithdrawal endpoint will no longer require the otpToken to be provided for withdrawals to that address. As usual, the API key must have been created with the withdrawal permission flag set.

 

It is also possible to add entries to the address book using the API - this can be done in the case of a service provider who wishes to automatically suggest address book entries for a BitMEX customer. Once requested, the email seeking approval is sent by BitMEX to the customer. It is possible for the external service  to query the address book using an API token and check the entries, if the 2fa flag is set, and if it has been enabled by the user. 

 

This should allow customers to improve the security of systems making automated withdrawals.

Related articles

This website is operated by HDR Global Trading Limited, a company incorporated under the International Business Companies Act of 1994 of the Republic of Seychelles with a company number of 148707 and registered address at Global Gateway 8, Rue de la Perle, Providence Mahé, Seychelles (“HDR”). HDR wholly owns BitMEX, a Bitcoin-based trading platform.


Access to trading or holding positions on BitMEX is prohibited for any person or entity that is located, incorporated or otherwise established in, or a citizen or a resident of: (i) the United States of America, Québec (Canada), the Hong Kong Special Administrative Region of the People’s Republic of China, the Republic of Seychelles, Bermuda, Cuba, Crimea and Sevastopol, Iran, Syria, North Korea or Sudan; (ii) any state, country or other jurisdiction that is embargoed by the United States of America; or (iii) any other jurisdiction where the services offered by BitMEX are restricted (collectively “Restricted Jurisdictions”). If it is determined that any BitMEX user has given false representations as to their location, incorporation, establishment, citizenship or residence, or HDR detects a user is from a Restricted Jurisdiction as described above, HDR reserves the right to immediately close their accounts and liquidate any open positions. HDR may, in its sole discretion, implement controls to restrict access to the BitMEX trading platform in any of the Restricted Jurisdictions.