Skip to main content
The Programmatic API enables partners to build integrations that create and manage user accounts, place orders on behalf of users, and operate with fine-grained access control — all through HMAC-authenticated API tokens with scoped permissions.
HMAC credentials contain a secret key and must only be used in backend or BFF environments. Never expose them in browser-side code.
Recommended setup for production integrations:
  • Store the real HMAC credentials on your backend. The tokenId and secret should never leave your server infrastructure.
  • Use the SDK server-side to sign partner-authenticated requests. All trading, account creation, and delegated signing calls should be made from your backend.
  • Expose only your own app-specific endpoints to the frontend. Your frontend talks to your backend API — your backend talks to the Limitless API.
  • Keep public market reads in the browser. Unauthenticated endpoints like market data and orderbooks can be called directly from the frontend.

Overview

The programmatic API introduces three capabilities:
CapabilityDescription
Scoped API tokensHMAC-SHA256 authenticated tokens with granular scopes (trading, account_creation, delegated_signing)
Partner sub-accountsCreate and manage user profiles linked to your partner account
Delegated signingSubmit orders without end users managing private keys — the server signs via a managed wallet

Partner lifecycle

1

Bootstrap your partner account

Create a standard Limitless account by logging in with your wallet at limitless.exchange. This gives you a profileId and wallet address.
2

Get partner capabilities enabled

Apply for programmatic API access. The team will review your application and enable token management and allowed scopes on your account.

Apply for Programmatic API Access

Fill out the partner application form to get started. You’ll need your Limitless wallet address from Step 1.
3

Derive a scoped API token

Authenticate with your Privy identity token and call POST /auth/api-tokens/derive to create a scoped token. The response includes a tokenId and secret — store the secret securely, it is only returned once.
import { Client, HMACCredentials } from '@limitless-exchange/sdk';

const client = new Client({
  baseURL: 'https://api.limitless.exchange',
});

const derived = await client.apiTokens.deriveToken(identityToken, {
  label: 'my-trading-bot',
  scopes: ['trading', 'account_creation', 'delegated_signing'],
});

const scopedClient = new Client({
  baseURL: 'https://api.limitless.exchange',
  hmacCredentials: {
    tokenId: derived.tokenId,
    secret: derived.secret,
  },
});
4

Create sub-accounts

Use the scoped token to create sub-accounts for your end users. Choose server wallet mode for Web2 integrations (delegated signing) or EOA mode for Web3 users who manage their own keys.
const account = await scopedClient.partnerAccounts.createAccount({
  displayName: 'user-alice',
  createServerWallet: true,
});
// account.profileId, account.account
5

Trade on behalf of sub-accounts

With the delegated_signing scope and server wallet accounts, submit unsigned orders — the server signs them automatically. Both GTC (limit) and FOK (market) order types are supported.GTC order — stays on the orderbook until filled or cancelled:
import { OrderType, Side } from '@limitless-exchange/sdk';

const gtcOrder = await scopedClient.delegatedOrders.createOrder({
  marketSlug: 'btc-100k',
  orderType: OrderType.GTC,
  onBehalfOf: account.profileId,
  args: {
    tokenId: market.tokens.yes,
    side: Side.BUY,
    price: 0.55,
    size: 10,
  },
});
FOK order — executes immediately at market price or is cancelled entirely:
const fokOrder = await scopedClient.delegatedOrders.createOrder({
  marketSlug: 'btc-100k',
  orderType: OrderType.FOK,
  onBehalfOf: account.profileId,
  args: {
    tokenId: market.tokens.yes,
    side: Side.BUY,
    makerAmount: 10, // spend 10 USDC
  },
});

Scopes

ScopeDescriptionSelf-service
tradingPlace and cancel orders. Default scope. Required base for delegated_signing.Yes
account_creationCreate sub-account profiles linked to the partner.Yes
delegated_signingServer signs orders on behalf of sub-accounts via managed wallets. Must be paired with trading.Yes
adminAccess admin-protected endpoints.No (admin-provisioned only)

Sub-account modes

Server wallet (Web2 partners)

Set createServerWallet: true when creating a sub-account. The server provisions a managed Privy wallet and links it to the profile. The partner submits unsigned orders and the server signs them via the managed wallet.

EOA (Web3 partners)

Omit createServerWallet or set it to false. The partner provides wallet ownership proof via x-account, x-signing-message, and x-signature headers. The end user signs their own orders with their private key.

Delegated order types

Delegated orders support two execution strategies:

GTC (Good Till Cancelled)

Limit orders that rest on the orderbook at a specified price until they are filled or explicitly cancelled. Use price and size to specify the order.
ParameterDescription
pricePrice between 0 and 1
sizeNumber of contracts

FOK (Fill or Kill)

Market orders that execute immediately at the best available price or are cancelled entirely — no partial fills. Instead of price and size, FOK orders use makerAmount.
ParameterDescription
makerAmountBUY: USDC amount to spend (e.g., 50 = spend $50 USDC). SELL: number of shares to sell (e.g., 18.64 = sell 18.64 shares).
import { OrderType, Side } from '@limitless-exchange/sdk';

// FOK BUY — spend 1 USDC at market price
const response = await scopedClient.delegatedOrders.createOrder({
  marketSlug: 'btc-100k',
  orderType: OrderType.FOK,
  onBehalfOf: account.profileId,
  args: {
    tokenId: market.tokens.yes,
    side: Side.BUY,
    makerAmount: 1,
  },
});

if (response.makerMatches?.length) {
  console.log(`Matched with ${response.makerMatches.length} fill(s)`);
} else {
  console.log('Not matched — cancelled automatically');
}

HMAC authentication

All day-to-day programmatic API calls use HMAC-SHA256 request signing. See the Authentication page for the signing protocol, canonical message format, and code examples.

API endpoints

EndpointAuthDescription
GET /auth/api-tokens/capabilitiesPrivyCheck partner capability configuration
POST /auth/api-tokens/derivePrivyCreate a scoped API token
GET /auth/api-tokensAnyList active tokens
DELETE /auth/api-tokens/{tokenId}AnyRevoke a token
POST /profiles/partner-accountsHMACCreate a sub-account
POST /ordersHMACPlace orders (with optional delegated signing)

SDK support

All three official SDKs provide built-in support for the programmatic API:

TypeScript

Client with hmacCredentials, ApiTokenService, PartnerAccountService, DelegatedOrderService

Python

Client with hmac_credentials, api_tokens, partner_accounts, delegated_orders

Go

Client with WithHMACCredentials, ApiTokens, PartnerAccounts, DelegatedOrders