Bit2Me

The Bit2Me connector lets a Sigil agent read pockets / transactions / prices on a Bit2Me Exchange account and (with the Treasury Agent on top) execute trades and withdrawals.

API key setup

In Bit2Me’s customer console, create an API key with these scopes:

• Read — always required.
• Trade — required for treasury_buy / treasury_sell.
• Withdraw — required for treasury_withdraw. (Note: Bit2Me’s documentation claims this scope bypasses 2FA but the API still enforces TOTP on crypto withdrawals — see below.)

Paste label + key + secret in the Sigil portal under /connectors → Bit2Me. The secret is KMS envelope-encrypted with AAD bound to the connection id.

TOTP

Crypto withdrawals on Bit2Me require a TOTP code on the X-TOTP header in addition to the API key + HMAC signature, even with the Withdraw scope.

The operator switches their Bit2Me 2FA from SMS to Google Authenticator, copies the base32 seed Bit2Me shows during setup, and pastes it into Sigil:

• At connection creation time: optional fourth field on the API-key form.
• Later: TOTP button in the connection row in /connectors.

Sigil:

1. Encrypts the seed with the same KMS envelope path as the API secret.
2. Generates a fresh 6-digit code (RFC 6238, HMAC-SHA1, 30 s step) on every non-GET request.
3. Wipes the seed bytes from memory after each use.

The portal also exposes a “Show current code” button so operators can verify the seed during Bit2Me’s setup (“enter a code to confirm”) step without opening Google Authenticator in parallel.

Tools (read-only)

Tool	Notes
bit2me_list_pockets	All currency pockets on the account.
bit2me_get_pocket(currency)	Single pocket by currency code.
bit2me_list_transactions(currency?, limit?)	Recent transactions, optionally filtered.
bit2me_get_price(from, to)	Indicative rate. Used before sizing trades.
bit2me_get_deposit_address(currency, network)	The Bit2Me-side deposit address for funding the account from an external wallet.

Write tools (treasury_buy, treasury_sell, treasury_withdraw) ship with the Treasury Agent template — see Treasury Agent. They are not exposed to non-Treasury agents; trading and withdrawals must go through the gated policy surface.

Auto-pocket creation

treasury_buy and treasury_sell resolve the destination pocket via findOrCreatePocket. If no pocket exists for the destination currency (e.g. buying USDC for the first time), Sigil creates one named "Treasury <CCY>". Pockets are zero-balance until funded; creation has no financial side effect.

treasury_withdraw does not auto-create — withdrawing from a non-existent (and therefore empty) pocket makes no sense and would surface a confusing error.

Wallet shortcut

If the agent has a Sigil wallet bound, the reserved destination_label: "agent_wallet" on treasury_withdraw resolves to the wallet’s address. The LLM still has to supply currency and network because a single Sigil wallet address (for EVM curves) is valid across multiple chains.

Signature details

The adapter signs every request per Bit2Me’s docs:

preimage   = body ? `${nonce}:${path}:${body}` : `${nonce}:${path}`
innerHash  = SHA-256(preimage)
signature  = base64(HMAC-SHA512(api_secret, innerHash))

Headers sent: X-API-KEY, x-nonce, api-signature, plus X-TOTP + x-totp-type: gauth when the seed is present and the request is not a GET.

The nonce is unix_ms * 1024 + per_process_counter so concurrent signings inside the same millisecond never collide.

Note

Production base URL is gateway.bit2me.com. Not api.bit2me.com — that hostname returns the marketing site and trips a confusing invalid character '<' JSON parse error.