Jun 08, 20266 min read

Share |

Bybit error 10006: params timestamp illegal — why it happens and how to fix it

When Bybit returns error 10006 "params timestamp illegal": why your trading bot's requests are rejected, the difference from Binance -1021, and the clock sync that prevents it.

Free download: Exchange API ban prevention runbook. Jump to the download section.

Bybit error 10006 with message "params timestamp illegal" means your request timestamp is outside Bybit's allowed time window.

It is functionally similar to Binance -1021 but with important differences in error handling, recvWindow defaults, and recovery behavior. If you handle both exchanges in the same bot, you need exchange-specific timestamp validation.

This post sits in the Crypto Automation hub and the Crypto Automation category.

If you only do three things

Bybit's default timestamp tolerance is 5000ms (5 seconds), but the error message is less descriptive than Binance. Log the actual timestamp sent vs Bybit server time.
Sync NTP every 5-15 minutes. Bybit error 10006 appears suddenly when cumulative drift exceeds the window—same root cause as Binance -1021.
Stop retrying on 10006. Fix the clock. Retrying with drift makes the error persist and can trigger rate limiting on top of the timestamp issue.

Fast triage table (what to check first)

Symptom	Likely cause	Confirm fast	First safe move
10006 on all signed endpoints, started suddenly	System clock drifted	Compare `date +%s` with Bybit server time via `GET /v5/market/time`	Sync NTP; stop signed requests until clock is stable
10006 only on some instances	Per-instance clock drift	Compare timestamps across instances at the same second	Fix NTP config per instance
10006 intermittently	recvWindow too small; clock jitter	Check recvWindow setting; log timestamp sent vs Bybit time	Increase recvWindow; check NTP interval
10006 + 10001 (invalid API key)	Clock drift AND key issue	Both errors appear; 10006 from time, 10001 from key	Fix clock first; then verify Bybit API key and permissions
10006 after bot restart	Fresh container/VM without NTP	Check `date` on boot; base images often lack NTP	Add NTP to startup script

What Bybit error 10006 actually means

Bybit's error 10006 is documented as "params timestamp illegal."

code

{
  "retCode": 10006,
  "retMsg": "params timestamp illegal",
  "result": {},
  "retExtInfo": {},
  "time": 1717000000000
}

It means the timestamp field in your signed request differs from Bybit's server time by more than the allowed window (default 5000ms). Bybit compares your timestamp parameter with its own server clock and rejects requests outside the tolerance.

Bybit vs Binance: key differences

Aspect	Bybit (error 10006)	Binance (error -1021)
Error code	10006	-1021
Error message	"params timestamp illegal"	"Timestamp for this request is outside the recvWindow"
Default tolerance	5000ms	5000ms
recvWindow parameter	Supported in request	Supported in request
Timestamp format	Unix millis	Unix millis
Server time endpoint	GET /v5/market/time	GET /api/v3/time
Recovery suggestion	Fix clock + verify timestamp param	Fix clock + increase recvWindow

The practical difference is error messaging. Binance tells you directly that the timestamp is outside recvWindow. Bybit says "params timestamp illegal" which is less specific. Your bot should log the actual clock offset regardless.

Common causes

1) Clock drift (most common)

Same as Binance -1021: your system clock drifted past the tolerance window. See Binance -1021: timestamp outside recvWindow for the detailed drift mechanics.

2) Wrong timestamp unit

Bybit expects Unix time in milliseconds. If your code sends seconds (or nanoseconds), the timestamp will be far outside the window.

javascript

// Correct (milliseconds)
const timestamp = Date.now(); // -> 1717000000000
 
// Wrong (seconds) — far outside window
const timestamp = Math.floor(Date.now() / 1000); // -> 1717000000 -- ~50 years off

3) Fresh timestamp per request not being used

If your code reuses a cached timestamp or generates it before an async delay, the timestamp can be stale by the time the request reaches Bybit.

4) recvWindow set too low

Bybit supports recvWindow in the request body. If you set it to 1000 or lower, even small clock jitter triggers 10006.

How to fix 10006

1) Check clock offset against Bybit

bash

# Get your current Unix timestamp (milliseconds)
python -c "import time; print(int(time.time() * 1000))"
 
# Get Bybit server time
curl -s https://api.bybit.com/v5/market/time | python -c "import sys,json; print(json.load(sys.stdin)['time'])"

Compare the two values. If the difference exceeds your recvWindow (default 5000ms), your clock is the cause.

2) Sync NTP

bash

# Linux
sudo ntpdate -u pool.ntp.org
sudo systemctl restart systemd-timesyncd

3) Verify timestamp unit is milliseconds

javascript

// Bybit signed request — correct timestamp format
const timestamp = Date.now(); // milliseconds
const recvWindow = 5000;
 
const params = {
  category: 'spot',
  symbol: 'BTCUSDT',
  side: 'Buy',
  orderType: 'Limit',
  qty: '0.001',
  price: '50000',
  timeInForce: 'GTC',
  timestamp: timestamp,
  recvWindow: recvWindow,
  sign: signature
};

4) Add recvWindow as a safety buffer

Always include recvWindow in your signed requests. Bybit's default is 5000ms. Keep it at 5000 unless you have a specific reason to change it.

What NOT to do on 10006

Do not retry blindly

Error 10006 will persist until the clock is fixed. Retrying with drift is wasted work that can trigger rate limiting.

Do not confuse 10006 with other Bybit errors

Error	Meaning	Action
10001	Invalid API key	Verify key + secret match
10003	Invalid signature	Check signing method (HMAC/Ed25519)
10004	Permission denied	Check key permissions in Bybit UI
10006	Timestamp illegal	Fix clock, check timestamp format
10028	Rate limit exceeded	Backoff

If you treat 10006 like 10028 (rate limit) and just backoff, your requests will keep failing until the clock is fixed.

What to log

If you cannot answer these questions after a 10006 event, you are guessing:

What was the clock offset (local time vs Bybit server time)?
Was the timestamp in seconds or milliseconds?
Was the offset consistent across all instances?
Was the error intermittent or persistent?

Log per signed request:

ts
bot_instance_id
exchange (bybit)
endpoint
method
ret_code (10006)
ret_msg (params timestamp illegal)
local_timestamp_ms
server_timestamp_ms (from Bybit time endpoint)
offset_ms
recvWindow_configured
timestamp_unit (ms | s)

Shipped asset

Download

Free

Exchange API ban prevention runbook: Bybit + Binance + Kraken + Coinbase

Exchange-specific error handling, clock monitoring setup, and ban prevention playbooks for multi-exchange trading bots.

Get the runbook

When to use this (fit check)

You run bots across multiple exchanges (Bybit + Binance + Kraken + Coinbase).
You want exchange-specific error tables, recvWindow defaults, and recovery steps.
You need consistent clock monitoring across all exchange integrations.

When NOT to use this (yet)

You only trade on one exchange and already have working error handling.
You don't log per-request clock offset and cannot trend drift over time.

What you get (3 files):

exchange-error-reference.md: error codes table for Binance, Bybit, Kraken, Coinbase with recovery actions
clock-monitoring-setup.md: drift detection and alerting thresholds
ban-prevention-checklist.md: operational checklist for multi-exchange bots

Timestamp Drift Checker — Check your clock drift against Bybit, Binance, Kraken, Coinbase and other exchange server times.
Exchange Error Lookup — Look up Bybit error 10006, Binance -1021, and 25+ exchange error codes with recovery actions.

Resources

Checklist (copy/paste)

NTP sync is configured and running on all instances.
Timestamps are in milliseconds (Date.now(), not seconds).
Each signed request uses a fresh timestamp (no caching or reuse).
recvWindow is set to 5000 (default) on all signed requests.
Clock offset (local vs Bybit server) is logged per signed request.
10006 is treated as a STOP rule: fix clock first, then resume.
Error 10006 is handled separately from 10001, 10003, 10004, and 10028.
Post-deploy health check verifies clock sync.

Key takeaways

Bybit error 10006 "params timestamp illegal" means your request timestamp is outside the allowed window (default 5000ms).
Same root cause as Binance -1021: clock drift. Less descriptive error message, same fix: sync NTP.
Verify your timestamp is in milliseconds, not seconds. Seconds sends a value ~50 years off.
Treat 10006 as a stop rule: fix the clock first, then resume signed requests.
Log clock offset per request and distinguish 10006 from other Bybit auth errors (10001, 10003, 10004).
Use the Timestamp Drift Checker and Exchange Error Lookup to diagnose cross-exchange timestamp issues.

Recommended resources

Download the shipped checklist/templates for this post.

Exchange API ban prevention runbookFree

Operational checklist to keep trading bots alive: auth hygiene, throttling, retries, circuit breakers, and incident steps.

resource

Automation > CryptoJun 07, 2026

Binance error -1021: timestamp for this request is outside the recvWindow

When your trading bot flips from working to "timestamp for this request is outside the recvWindow": why Binance rejects valid signatures after clock drift, and the time calibration that prevents -1021.

Automation > CryptoJan 09, 2026

Signature invalid but bot was working: why clock drift breaks auth suddenly

When bot gets signature invalid or 401 after working fine for hours: why clock drift breaks exchange auth suddenly, and the time calibration that prevents it.

Automation > CryptoJun 06, 2026

WebSocket closed with 1006: why trading bots lose connection without an error code

When WebSocket drops with 1006 abnormal closure and no close frame: why trading bots see 1006 instead of a clean close, and the reconnect strategy that handles it without guessing.

Next step

Exchange API reliability, rate limiting, timestamp drift, and bot architecture patterns.

Explore Crypto Automation →