Skip to main content
POST
Build withdraw payload
Lighter requires the wallet to be a registered account before any trade/withdraw action.If the EOA has never deposited on Lighter, this endpoint will fail. First-time setup is a two-step prerequisite:
  1. Deposit ≥ 5 USDC via /2/perp/payloads/deposit → Lighter creates an accountIndex on-chain once the bridge settles. (5 USDC is a Lighter requirement, not a Mobula limit.)
  2. Provision API key + auth token via /2/perp/payloads/create-account using that accountIndex.
Read the Build Create-Account Payload page for the full setup flow including how to discover the accountIndex after a deposit.
Lighter-only. Gains withdraws collateral by closing positions — there is no separate withdraw endpoint. Skip this for Gains.
Moves free USDC from the user’s Lighter account back to their wallet. Only free margin (not locked by open positions/orders) can be withdrawn.

Lighter withdraw payload shape

The response’s payloadStr is an envelope whose payload includes an L1 authorization challenge:
Client workflow (Lighter):
  1. Parse payloadStr.
  2. Sign payload.MessageToSign with the user’s wallet (standard EIP-191 personal_sign).
  3. Set the resulting hex on payload.L1Sig and delete payload.MessageToSign.
  4. Re-stringify the envelope → finalPayloadStr.
  5. Sign `api/2/perp/execute-v2-${timestamp}-${finalPayloadStr}` and call /2/perp/execute-v2 with that payloadStr (no top-level signedTx).

Request Body

dex
string
required
Must be lighter.
chainId
string
required
Lighter chain (e.g., lighter:301).
amountUsdc
string
required
USDC amount as a decimal string (e.g., "100"). Must be positive.

Authentication

Every /2/perp/payloads/<action> endpoint verifies the caller by requiring two extra fields in the request body alongside the action parameters:
timestamp
number
required
Unix timestamp in milliseconds. Must be within 30 seconds of server time. Older timestamps are rejected to prevent replay.
signature
string
required
Hex signature (EIP-191 personal_sign) of the message `${endpoint}-${timestamp}`, where endpoint is the path of this endpoint without the leading slash (e.g., for this page: api/2/perp/payloads/<this-action>). The recovered signer address becomes the user for the request. Single-use — replay returns 403 signature already used.

Authentication errors

Statusmessage
403timestamp expired — timestamp older than 30s
403signature already used — replay attempt
400zod validation failedtimestamp/signature shape invalid

Response envelope

Every /2/perp/payloads/<action> endpoint returns the same envelope shape. You pass these fields verbatim into POST /2/perp/execute-v2 to execute the action.
Top-level shape. Successful (2xx) responses return { data: { ... } }. A success: true flag is only present inside the body of execute-v2’s response, not on the payload-build endpoints. Parse defensively: read body.data, then check for the action-specific fields you need (e.g. data.payloadStr).
data
object

Endpoint-specific errors

Statusmessage
400withdraw payload generation failed — insufficient free margin or DEX refusal

Example — Lighter withdraw 100 USDC

Body

application/json
timestamp
number
required
signature
string
required
dex
enum<string>
required
Available options:
lighter
chainId
string
required

Lighter chain (e.g., lighter:301).

amountUsdc
string
required

USDC amount as a decimal string. Must be positive.

Response

200 - application/json

Canonical payload envelope

success
boolean
required
data
object
required