Connect a Bybit API key

Live execution on the whale tier requires a read-plus-trade API key from your own Bybit account. Keys are encrypted with AES-GCM under the per-install master key before they hit the database — our engineers cannot read the secret, and we never enable withdrawals.

1. Create the key on Bybit

1. Sign in to Bybit and open Account → API.
2. Click Create New Key → System-generated API Keys.
3. Give the key a name like tmiyc-live so you can audit it later.
4. Permissions:
   • Contract — tick Orders and Positions. Do not tick Transfer.
   • Spot — tick Trade and Orders if you want spot bots.
   • Wallet / Withdraw — leave unchecked (this is a hard rule; TMIYC refuses any key with withdraw rights).
5. IP whitelist: add 95.85.237.203 (our executor host). IP-locked keys are strongly recommended; rotate quarterly.
6. Save the API Key and API Secret immediately — Bybit only shows the secret once.

2. Paste the key into TMIYC

1. Open Settings → Exchanges → Bybit.
2. Paste the key + secret and pick mainnet or testnet.
3. Click Verify. We place a tiny test call (GET /v5/account/wallet-balance) and confirm the key has the expected permissions. On success you'll see a green check and the balance mirror.
4. Optionally add a trading budget cap so bots never size above a fraction of the account.

3. Wire the key to a bot

From Bots → pick one → Settings → Execution venue, choose the Bybit connection you just added. The bot starts paused — click Go live when you're ready. The first live order is always a dry-run to confirm routing.

Revoking

If you ever suspect the key leaked, revoke it on Bybit first, then remove it from TMIYC (Settings → Exchanges → Bybit → Remove). The bots using it will auto-pause and flip back to paper mode.

Need help? Open a ticket from the chat bubble — include the bot id and a timestamp; never paste the secret.