Get started

Overview

Bitvavo offers two protocols for interacting with its platform: REST and WebSocket. Both protocols return JSON-encoded responses, and use standard HTTP status codes. However, each protocol is optimized for different use cases:

REST API

• Best suited for synchronous, request-response interactions.
• Client initiates every call, and the server responds with the requested data.

WebSocket API

• Ideal for real-time, event-driven communication.
• Once connected, the server continuously pushes updates to the client without requiring repeated requests.

Key Points

• Both APIs require authentication for any operations related to trading, transfers, or account management.
• Responses from both REST and WebSocket APIs follow the same JSON schema, ensuring consistency and ease of use.
• Standard HTTP status codes apply to REST responses, while WebSocket responses provide specific error codes or messages when applicable.
• Rate limits are enforced across both protocols to maintain optimal performance and stability.

By sharing the same API structure, you can choose REST or WebSocket for your use case, without worrying about inconsistencies in data structure or content.

Before you start

Before you start integrating, make sure you have:

• Signed up for a Bitvavo account
• Enabled two-factor authentication
• Created an API key and secret

Sign up for a Bitvavo account

Before you start building your trading app, make sure you have either a private or a corporate Bitvavo account.

• To sign up for a private account, go to the Bitvavo website. If you need help, see Creating an account.
• To sign up for a corporate account, contact [email protected] for more information about eligibility and the onboarding process

Create an API key and secret

1. Log in to your Bitvavo account.
2. Under your account, select Settings.
3. In the API tab, select Add new API key.
4. Enter:

• Your Name for the API key.
• Under IP Whitelist, the IP address from which you want to make API requests.
  tip

  Whitelisting your IP address prevents your account from being accessed if your API credential is stolen.

5. Select the permissions for your API key:

• Read-only: retrieve information about your account and transfers. For orders and trades, your API key must also have the Trade digital currencies permission.
• Trade digital assets: place, update, view, and cancel orders. For orders and trades information, your API key must also have the Read-only permission.
• Withdraw digital assets: withdraw your assets to an external cryptocurrency address or a verified bank account.
  warning

  Withdrawals made using Bitvavo API do not require 2FA and e-mail confirmation.

6. Enter the 2FA code and select Confirm.
   warning

   Make sure to store your API key and secret in a secure location. You cannot retrieve it later.