Before You Start
To connect Bybit to QARI you need two things already in place. First, a verified Bybit account with identity verification (KYC) completed. Second, a USDT balance in your Bybit spot wallet. QARI trades using whatever USDT you have available, so you need at least enough to cover your planned per-trade allocation.
Checklist before you begin
- Bybit account created and email verified
- Identity verification (KYC) completed on Bybit
- Two-factor authentication (2FA) enabled on Bybit
- USDT deposited to your Bybit spot wallet
- QARI account created and logged in
Step 1: Create Your API Key
Log in to your Bybit account and navigate to the API key management page. The exact path is:
- 1
Click "Create New Key" on the API Management page.
- 2
Select "System-generated API Keys" (not HMAC). Bybit will generate the key pair for you.
- 3
Set the API Key Name to something you will recognise, for example: QARI-Trading.
- 4
Leave the key type as "Read-Write" so QARI can place and manage orders.
Step 2: Configure Permissions
Bybit will show you a list of permission categories. Configure them exactly as follows. Getting this wrong is the most common setup mistake.
WARNING: Never enable withdrawal permissions
QARI never needs and never requests withdrawal permissions. Enabling withdrawals on any API key you share with any service is a serious security risk. If you are ever asked to enable withdrawals, do not proceed.
Read (Account Info, Positions, Balances)
ENABLESpot Trading (Place and Cancel Orders)
ENABLEDerivatives / Futures Trading
DISABLEWithdraw
DISABLETransfer Between Sub-accounts
DISABLEWallet Operations
DISABLEStep 3: Add IP Whitelist
IP whitelisting restricts your API key so it can only be used from the QARI server. This is a critical security step. Even if someone obtained your API key, they could not use it from any other server.
On the Bybit API creation page, look for the "Bind IP Addresses" or "IP Restriction" field. Add the following IP address:
QARI Server IP
api.qari.trade
If Bybit requires a numeric IP address rather than a hostname, check your QARI dashboard under Settings. The current server IP is displayed there in case it ever changes.
Step 4: Paste into Dashboard
After you click "Confirm" on Bybit, you will see your API Key and Secret displayed once. Bybit will not show you the Secret again after you close this page. Copy both values immediately.
- 1
Copy your API Key (a long alphanumeric string).
- 2
Copy your API Secret (displayed immediately after creation).
- 3
Open your QARI dashboard at app.qari.trade.
- 4
Navigate to Settings, then select the "Exchange" tab.
- 5
Click "Connect Exchange" and choose Bybit from the list.
- 6
Paste your API Key and Secret into the fields provided.
- 7
Click "Save Connection".
Important: QARI never stores your secret in plaintext
Your API Secret is encrypted using AES-256-GCM before being stored. The secret is decrypted only in memory immediately before a trade is placed and is never written to logs or returned to any client.
Step 5: Verify Connection
After saving, QARI immediately tests your API key by making a read-only call to your Bybit account. The connection status indicator in your dashboard will update to one of three states.
Connected
Everything is working. QARI can read your balance and place spot orders.
Invalid Credentials
The API Key or Secret is incorrect. Return to Bybit, delete this key, and create a new one.
Permissions Error
The key exists but does not have the correct permissions. Check that Spot Trading is enabled and that no required permissions are missing.
Once your connection shows "Connected", you are ready to configure your risk parameters. See the next guide: Setting your risk parameters.