Skip to main content
POST
/
orders
/
cancel
Cancel Order (Combined)
curl --request POST \
  --url https://api.limitless.exchange/orders/cancel \
  --header 'Content-Type: application/json' \
  --header 'lmts-api-key: <api-key>' \
  --data '
{
  "orderId": "6f52b6d2-6c9e-4a5c-8a4f-28ab4b7ff203",
  "clientOrderId": "partner-order-001"
}
'
{
  "message": "Order canceled successfully"
}
Cancel one order by either the internal orderId or the clientOrderId supplied when creating the order. Provide exactly one identifier. Requests with both identifiers or neither identifier return 400 Bad Request.
DELETE /orders/{orderId} remains supported for existing integrations that cancel only by internal order ID.

Authentication

Cancelling is not EIP-712 signed. Unlike placing an order, you do not include a signature in the request. Cancellation is an off-chain operation that removes the resting order from the book, so it applies to any order type (GTC, FAK) regardless of how it was signed.
  • Scope: the trading scope covers both placing and cancelling. No extra scope is needed to cancel your own orders.
  • Auth: HMAC (apiToken), Privy, or session, same as placing.

Cancelling a sub-account’s orders (partner flow)

If you placed an order with onBehalfOf (so it is owned by a managed sub-account, not your partner profile), cancel it through your partner token with the onBehalfOf query parameter:
POST /orders/cancel?onBehalfOf=<subProfileId>
This on-behalf-of path additionally requires the delegated_signing scope on your partner token. The scope is reused as the authorization gate for acting on a sub-account; it does not mean the order must be server-signed, and it works for EOA sub-accounts that signed their own orders. See Delegated Signing.
The HMAC signature must be computed over the full path including the query string, so sign /orders/cancel?onBehalfOf=42, not /orders/cancel. See Authentication.

Authorizations

lmts-api-key
string
header
required

Scoped API token with HMAC-SHA256 signing. Requires three headers: lmts-api-key (token ID), lmts-timestamp (ISO-8601), lmts-signature (Base64-encoded HMAC). See Authentication docs for details.

Body

application/json
orderId
string<uuid>
required

Internal order ID. Provide exactly one of orderId or clientOrderId.

Example:

"6f52b6d2-6c9e-4a5c-8a4f-28ab4b7ff203"

clientOrderId
string

Client-provided order ID from order creation. Provide exactly one of orderId or clientOrderId.

Maximum string length: 128
Example:

"partner-order-001"

Response

Order successfully cancelled

message
string
required

Confirmation message for the cancelled order

Example:

"Order canceled successfully"