How to do Upstox API Authentication?

Hi Upstox API users!

In this post, let’s take a look at how Upstox uses standard OAuth 2.0 for customer authentication and login.

Please note that all logins are handled by upstox.com. There is no public endpoint for other applications to directly log the customer into their upstox.com. For security and compliance purposes, all logins and logouts are handled exclusively by upstox.com.

Perform Authentication

The login window is a web page hosted at the following link.

https://api.upstox.com/v2/login/authorization/dialog

Your client application must trigger the opening of the above URL using Webview (or similar technology) and pass the following parameters:

| Parameter | Description |
| --- | --- |
| client_id | The API key obtained during the app generation process. |
| redirect_uri | The URL to which the user will be redirected post authentication; must match the URL provided during app generation. |
| state | An optional parameter. If specified, will be returned after authentication, allowing for state continuity between request and callback. |
| response_type | This value must always be code. |

URL construction:

https://api.upstox.com/v2/login/authorization/dialog?response_type=code&client_id=<Your-API-Key-Here>&redirect_uri=<Your-Redirect-URI-Here>&state=<Your-Optional-State-Parameter-Here>

Sample URL:

https://api.upstox.com/v2/login/authorization/dialog?response_type=code&client_id=615b1297-d443-3b39-ba19-1927fbcdddc7&redirect_uri=https%3A%2F%2Fwww.trading.tech%2Flogin%2Fupstox-v2&state=RnJpIERlYyAxNiAyMDIyIDE1OjU4OjUxIEdNVCswNTMwIChJbmRpYSBTdGFuZGFyZCBUaW1lKQ%3D%3D

Receive Auth Code

Upon successful authentication, this API will redirect to the URL specified in the redirect_uri parameter, with the code essential for the token generation included within the request parameters.

https://<redirect_uri>?code=mk404x&state=XX56849

| Name | Description |
| --- | --- |
| code | Utilize this code to generate the access_token as part of the next step. |
| state | Provided optionally if it was initially included in the request URL parameters. |

Generate Access Token

Once you have authenticated with us, you will be redirected to your redirect URL with an authorization code. The parameter will come as code (query parameter).

NOTE

The authorization code is valid for a single use, regardless of whether the access token generation succeeds or encounters an issue.

The last step is to make a server-to-server call between your backend server and Upstox to get an access_token using the authorization code. This can be done by calling the following service:

https://api.upstox.com/v2/login/authorization/token

You will need to pass the following parameters:

| Parameter | Description |
| --- | --- |
| code | The code is a unique parameter included in the URL upon a successful Authorize API authentication. |
| client_id | The API key obtained during the app generation process. |
| client_secret | The API secret obtained during the app generation process. This private key remains confidential, known only to the application and the authorization server. |
| redirect_uri | The URL provided during app generation. |
| grant_type | This value must always be authorization_code. |

URL construction:

curl -X 'POST' 'https://api.upstox.com/v2/login/authorization/token' \
  -H 'accept: application/json' \
  -H 'Api-Version: 2.0' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'code=<Your-Auth-Code-Here>&client_id=<Your-API-Key-Here>&client_secret=<Your-API-Secret-Here>&redirect_uri=<Your-Redirect-URI-Here>&grant_type=authorization_code'

Finally, this will return an access token for you. This access token can be successfully passed back to your front-end application to access the Upstox API.

If you have more questions about this, comment below and let us know! We would be happy to answer your query.
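Added example, not part of the original post and not Upstox's own code: the three steps above as Python helpers that build the login URL, validate the callback, and assemble the server-to-server token request without sending it. The post treats state as optional; this sketch always sets an unguessable state and rejects a callback that does not echo it, which is the usual OAuth 2.0 CSRF check. The function names and the localhost redirect URI are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_URL = "https://api.upstox.com/v2/login/authorization/dialog"
TOKEN_URL = "https://api.upstox.com/v2/login/authorization/token"

def build_login_url(client_id, redirect_uri):
    """Return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTH_URL}?{query}", state

def extract_code(callback_url, expected_state):
    """Validate the redirect received on redirect_uri and return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])
    code = params.get("code", [])
    # Constant-time comparison on bytes; a repeated state is also rejected.
    if len(state) != 1 or not hmac.compare_digest(
            state[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not started by this session")
    if len(code) != 1:
        raise ValueError("missing or duplicated code parameter")
    return code[0]  # single use: exchange it once, then discard it

def build_token_request(code, client_id, client_secret, redirect_uri):
    """Return (url, headers, body) for the backend-only token call."""
    headers = {
        "accept": "application/json",
        "Api-Version": "2.0",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "code": code, "client_id": client_id,
        "client_secret": client_secret,  # never ship this to a front end
        "redirect_uri": redirect_uri, "grant_type": "authorization_code",
    })
    return TOKEN_URL, headers, body

if __name__ == "__main__":
    # Constructed values: placeholder API key, local redirect URI, sample code.
    url, state = build_login_url("<Your-API-Key-Here>", "https://localhost/")
    callback = f"https://localhost/?code=mk404x&state={state}"
    print(url, extract_code(callback, state), sep="\n")
```

The login URL has to be opened in a browser or Webview where the user signs in; the code only arrives on the redirect that follows.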

Hi,

This flow doesn’t seem to be working for me. I followed this developer doc: Authorize | Upstox Developer API

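import requests

url = "https://api.upstox.com/v2/login/authorization/dialog"
client_id = "<Your-API-Key-Here>"  # API key from app generation

params = {
    "client_id": client_id,
    "redirect_uri": "https://localhost/",
    "response_type": "code",
}

# Plain HTTP GET of the login dialog; no browser login takes place here
response = requests.get(url, params=params)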

The above URL follows a redirection to the below URL

https://login.upstox.com/login/v2/oauth/authorize?redirect_uri=https://api-v2.upstox.com/login/authorization/redirect&response_type=code&client_id=<REDACTED>&user_id=<REDACTED>&user_type=individual

Am I missing something here? I do not receive any code to be used with get token api

@kanishk619, Generating an auth code and generating access tokens using the auth code is a three-step process. The first two steps must be completed in a web browser:

  1. Perform Authentication: Access detailed instructions at Perform Authentication.
  2. Receive Auth Code: For this step, visit Receive Auth Code.
  3. Generate Access Token: Finally, to generate the access token, refer to Generate Access Token.

You will receive the auth code on the redirect URL in the second step, which needs to be used in the process of generating an access token in the third step.

I recommend reviewing the documentation to better grasp the process here Authentication | Upstox Developer API

I trust this information will be useful.

@Pradeep_Jaiswar Thanks for replying to my query. As I mentioned in my post, I was following developer docs from Authorize | Upstox Developer API which says

Upon successful authentication, this API will redirect to the URL specified in the redirect_url parameter, with the code essential for the token generation included within the request parameters.

which confused me as I thought authorize api itself will redirect to

https://<redirect_uri>?code=mk404x&state=XX56849

Anyway, your provided information is appreciated and it helped solve my issue.

Glad to assist!

We’ve taken note of your feedback regarding the documentation.