Regulated framework for Algo/API based trading

Hello folks! 👋

The initial framework for the “Algo-trading” regulations is out! Link here.

While we are interpreting the framework/regulations, I’m just putting this out here for you guys to view/access it.

I’ll share a detailed drill down on what would change and be impacted over the coming weekend.
Till then, happy trading!

Best,
Mohit
Team Upstox

1 Like

If my algo places one order per second then do I need to register my algo?

You may not need to register, but you need to have a static IP.

You don’t need to register the app; however, as per the circular, you must have a static IP address (which will be needed during app creation or editing). Additionally, all orders must originate from this static IP.

1 Like

While we are working on supporting static IP and other functionalities - this circular came out 2 days ago so we’re also in the process of understanding it + implementing it.

We’re also trying our best to ingest this massive circular and adhere to it as fast as possible without much disruption to everyone else.

Apologies ahead of time for the sudden stream of changes.

2 Likes

Please also tell me, how to register my algo to trade more than 10 orders per second?

Also, how does a static IP requirement work if it is just my mobile app that calls the Upstox APIs and does the algo trading? [Note that this app would be just for my personal use, and there would be a manual step involved where I would confirm the trade by tapping the appropriate button in the app]

Are you saying you have a custom-built mobile app using the API?

Not ready yet, still developing..

1 Like

@RAJAT_1756382 The order must originate from the static IP that you specify while creating or updating your API app. Ideally, the order should be routed through a backend infrastructure where a static IP can be configured. I suggest setting up a lightweight backend service to handle and route your orders accordingly.

Based on my understanding, achieving this directly from a mobile device could be challenging unless you have a reliable way to control and route the traffic through a static IP.

@Kamal_48935205 We’re in touch with the exchange regarding this process as well. As a broker, we also need to register our API product with the exchange. We’ll share an official communication on this soon. Please stay tuned to this thread for updates.

1 Like

Thanks @Pradeep_Jaiswar for the explanation. This helps and I will re-architect my solution accordingly.

@Pradeep_Jaiswar

Will order cancel requests also fall under the 10 OPS limit?

@Kamal_48935205 Yes, as per the guidelines in the circular.

@MohitGolecha

Static IP Whitelisting Process - Potential Misuse and Suggested Improvements

Current Process Understanding:

  • Users submit their static IP address through the broker's web portal
  • System checks if the IP is already registered by another user
  • If not registered, the IP gets successfully registered under the submitting user's name

Identified Issue:

The current implementation has a significant vulnerability where:

  • Intentional Misuse: Someone can deliberately register my IP address before I attempt to register
  • Accidental Entry: Users may mistakenly enter incorrect IP addresses, blocking legitimate owners
  • Dynamic IP Reassignment: If an IP was previously registered by another user and later assigned to me by my ISP, I cannot register despite being the legitimate current owner

Real-world Impact:

  • Legitimate users are blocked from registering their own IP addresses
  • No verification mechanism to confirm actual ownership/usage of the IP
  • Potential for malicious blocking of competitors or other users

Suggested Solutions:

1. IP Ownership Verification Process

  • Require users to access the registration portal FROM the IP address they wish to register
  • Only allow registration when the request originates from the claimed IP address

2. API Call Verification

  • Allow IP registration through web portal but mark as “Pending Verification”
  • Require at least one successful API call from the registered IP within 24-48 hours to confirm registration
  • Auto-expire unverified registrations after the timeout period

3. Active Usage Validation

  • Implement periodic validation (monthly/quarterly) requiring API activity from registered IPs
  • Auto-deregister IPs with no trading activity for extended periods
  • Send advance notifications before deregistration

4. Dispute Resolution Mechanism

  • Provide a process for users to claim ownership of their legitimate IP addresses
  • Require documentation (ISP letters, network configuration proofs) for disputed IPs
  • Allow override of existing registrations with proper verification

5. Enhanced Registration Flow

Step 1: User submits IP via web portal (from any location)
Step 2: System generates unique verification token
Step 3: User must access verification URL from the claimed IP address
Step 4: System confirms IP ownership and completes registration

Questions for Clarification:

  • Is there any current mechanism to handle IP address disputes?
  • Can you implement real-time IP verification during the registration process?
  • Is there a possibility to add IP ownership validation through API calls?

Request:

Please consider implementing enhanced IP validation mechanisms to prevent misuse while ensuring legitimate users can register their IP addresses without unnecessary obstacles.

Looking forward to your response and potential improvements to this critical security process.

1 Like
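The token-based flow proposed in the post above (submit, pending state, confirm from the claimed IP, auto-expiry), sketched as an added example that is not part of the original post and not any broker's implementation. The `IPRegistry` class, its method names, the 24-hour TTL and the rule that a fresh proof replaces an older owner are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import secrets

PENDING_TTL = 24 * 3600  # seconds; assumed value inside the post's 24-48 hour window


class IPRegistry:
    """Hypothetical in-memory registry; not any broker's real implementation."""

    def __init__(self):
        self.pending = {}   # sha256(token) -> (user, ip, expires_at)
        self.owners = {}    # ip -> user (verified registrations only)

    def submit(self, user, ip, now):
        """Steps 1-2: record a pending claim and return a one-time token.

        A pending claim reserves nothing, so a mistaken or hostile entry
        cannot block the party that actually controls the address.
        """
        ip = ipaddress.ip_address(ip)          # raises ValueError on bad input
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (user, ip, now + PENDING_TTL)
        return token

    def verify(self, token, peer_ip, now):
        """Steps 3-4: confirm only if the request arrives from the claimed IP.

        peer_ip must be the TCP peer address seen by the server (or a header
        set by a trusted proxy), never a client-supplied value.
        """
        digest = hashlib.sha256(token.encode()).hexdigest()
        claim = self.pending.get(digest)
        if claim is None:
            return False
        user, ip, expires_at = claim
        if now > expires_at:
            del self.pending[digest]           # auto-expire unverified claims
            return False
        if ipaddress.ip_address(peer_ip) != ip:
            return False                       # token stays valid for a retry
        del self.pending[digest]               # one-time use
        self.owners[ip] = user                 # fresh proof replaces a stale owner
        return True

    def owner_of(self, ip):
        return self.owners.get(ipaddress.ip_address(ip))
```

Only the token's hash is stored, so a leaked copy of the pending table does not hand out usable verification links.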

Any update on the personal algo registration process to get more than the 10 orders per second limit @Pradeep_Jaiswar @MohitGolecha ??

@Kamal_48935205 We are in discussions with the exchange regarding this process and will publish a step-by-step document soon.