Create partner sub-account

curl --request POST \
  --url https://api.limitless.exchange/profiles/partner-accounts \
  --header 'Content-Type: application/json' \
  --header 'lmts-api-key: <api-key>' \
  --data '
{
  "displayName": "user-alice",
  "createServerWallet": false
}
'

{
  "profileId": 789,
  "account": "0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed"
}

Partner Accounts

Create Partner Sub-Account

Creates a new sub-account linked to the authenticated partner. Requires HMAC authentication with the account_creation scope.

Server wallet mode (createServerWallet: true): Creates a Privy server wallet and profile. The partner can then submit orders on behalf of this account using delegated signing.

EOA mode (default): Requires wallet ownership verification via x-account, x-signing-message, and x-signature headers. The end user signs their own orders.

POST

profiles

partner-accounts

Create partner sub-account

curl --request POST \
  --url https://api.limitless.exchange/profiles/partner-accounts \
  --header 'Content-Type: application/json' \
  --header 'lmts-api-key: <api-key>' \
  --data '
{
  "displayName": "user-alice",
  "createServerWallet": false
}
'

{
  "profileId": 789,
  "account": "0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed"
}

Requires HMAC authentication with the account_creation scope. API key auth and Privy auth are not accepted.

Creates a new sub-account profile linked to the authenticated partner.

Server wallet mode

Set createServerWallet: true to create a Privy server wallet for the sub-account. This enables delegated signing — the partner can submit unsigned orders and the server signs them using the managed wallet. Before the first delegated trade, call Check Partner Account Allowances. If any target is missing or failed with retryable=true, call Retry Partner Account Allowances, then poll the check endpoint again.

Server wallet creation requires the delegated_signing scope on your API token (in addition to account_creation). Without it, the request returns "Server wallet creation requires delegated_signing scope".

{
  "displayName": "user-bob",
  "createServerWallet": true
}

EOA mode

Omit createServerWallet (or set it to false) to create an account for an externally-owned address. The end user manages their own keys and signs their own orders. EOA mode requires three additional headers for wallet ownership verification:

Header	Description
`x-account`	Checksummed Ethereum address (EIP-55)
`x-signing-message`	Hex-encoded signing message obtained from `GET /auth/signing-message`
`x-signature`	Hex-encoded signature produced by signing the message with the wallet

Signing message format

The x-signing-message value is not the raw text — it is the hex-encoded UTF-8 representation of the message returned by GET /auth/signing-message. The raw text (which you sign) looks like:

Welcome to Limitless Exchange!

This request will not trigger a blockchain transaction or cost any gas fees.

Signature is required to authenticate an upcoming API request.

Nonce: 0x<keccak256-hash>

The full flow:

Fetch the signing message: GET /auth/signing-message → returns the plain-text message with a unique nonce.
Sign the plain-text message with the wallet (e.g. personal_sign / eth_sign).
Hex-encode the plain-text message: prepend 0x to the UTF-8 hex representation.
Send all three headers on the request.

import requests
from eth_account import Account
from eth_account.messages import encode_defunct

# 1. Fetch the signing message
signing_message = requests.get(f"{API_BASE_URL}/auth/signing-message").text

# 2. Sign the plain-text message
message = encode_defunct(text=signing_message)
signed = account.sign_message(message)

# 3. Hex-encode the message for the header
hex_message = "0x" + signing_message.encode("utf-8").hex()

# 4. Use in headers
headers = {
    "x-account": account.address,                # checksummed address
    "x-signing-message": hex_message,             # hex-encoded message
    "x-signature": "0x" + signed.signature.hex(), # hex-encoded signature
}

{
  "displayName": "user-alice"
}

Constraints

displayName is optional (max 44 characters). Defaults to the wallet address if omitted.
Returns 409 Conflict if a profile already exists for the target address.
Cannot create a sub-account for the partner’s own address.

Authorizations

lmts-api-key

string

header

required

Scoped API token with HMAC-SHA256 signing. Requires three headers: lmts-api-key (token ID), lmts-timestamp (ISO-8601), lmts-signature (Base64-encoded HMAC). See Authentication docs for details.

Headers

x-account

string

EOA mode only. Checksummed Ethereum address of the sub-account wallet.

x-signing-message

string

EOA mode only. Hex-encoded signing message.

x-signature

string

EOA mode only. Hex-encoded signature from the sub-account wallet.

Body

application/json

displayName

string

Public display name for the sub-account. Defaults to the wallet address if omitted.

Maximum string length: 44

Example:

"user-alice"

createServerWallet

boolean

default:false

If true, creates a Privy server wallet for the sub-account (enables delegated signing). If false or omitted, requires EOA wallet ownership headers.

Response

Sub-account created

profileId

integer

required

Profile ID of the created sub-account

Example:

789

account

string

required

Wallet address of the created sub-account

Example:

"0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed"

Revoke Token Check Partner Account Allowances

⌘I

Documentation Index

​Server wallet mode

​EOA mode

​Signing message format

​Constraints

Authorizations

Headers

Body

Response

Server wallet mode

EOA mode

Signing message format

Constraints