Unable to place orders via API - receiving 401 Unauthorized with errorcode UDAPI100050

Developer API
1

Our application can successfully authenticate and access all read APIs (profile, LTP, quotes, funds, positions, instruments), but order placement consistently returns 401 Unauthorized with error code UDAPI100050.
Endpoint Tested #1 (v3 API):
POST https://api-hft.upstox.com/v3/order/place

Endpoint Tested #2 (v2 API):
POST https://api-hft.upstox.com/v2/order/place

Request Headers:
Authorization: Bearer {access_token}
Accept: application/json
Content-Type: application/json

Request Payload:
{
“instrument_token”: “NSE_EQ|INE002A01018”,
“quantity”: 1,
“transaction_type”: “BUY”,
“order_type”: “LIMIT”,
“product”: “I”,
“validity”: “DAY”,
“price”: 1.0,
“trigger_price”: 0.0,
“disclosed_quantity”: 0,
“is_amo”: false
}

================================================================================
EXACT ERROR RESPONSE

HTTP Status Code: 401 Unauthorized

Response Body (v3 API):
{
“status”: “error”,
“errors”: [
{
“errorCode”: “UDAPI100050”,
“message”: “Invalid token used to access API”,
“propertyPath”: null,
“invalidValue”: null,
“error_code”: “UDAPI100050”,
“property_path”: null,
“invalid_value”: null
}
]
}

Response Body (v2 API):
{
“status”: “error”,
“errors”: [
{
“errorCode”: “UDAPI100050”,
“message”: “Invalid token used to access API”,
“propertyPath”: null,
“invalidValue”: null,
“error_code”: “UDAPI100050”,
“property_path”: null,
“invalid_value”: null
}
]
}

The following APIs work perfectly with the SAME access token:

✓ Authentication APIs

  • GET /v2/user/profile → 200 OK
  • GET /v2/user/get-funds-and-margin → 200 OK

✓ Market Data APIs

  • GET /v3/market-quote/ltp → 200 OK
  • GET /v2/market-quote/quotes → 200 OK

✓ Portfolio APIs

  • GET /v2/portfolio/short-term-positions → 200 OK
  • GET /v2/portfolio/long-term-holdings → 200 OK

✓ Order History APIs

  • GET /v2/order/retrieve-all → 200 OK

✓ Instrument APIs

  • GET /v2/market-quote/instrument → 200 OK

✗ Order Placement APIs

  • POST /v3/order/place (v3) → 401 Unauthorized
  • POST /v2/order/place (v2) → 401 Unauthorized

Both endpoints return identical error: UDAPI100050

Tried with sdk also, same error.

================================================================================
QUESTIONS FOR SUPPORT

  1. Does the access token need specific scope/permissions for order placement?

    • If yes, what scope parameter should be included during OAuth authorization?

  2. Is there a separate API key permission setting required?

    • Are there different permission levels for read vs write operations?

  3. Is there a difference between v3 API and v2 API permissions?

    • Do they require different authorization?

  4. Account Type Verification:

    • Does order placement require a specific account type?

  5. API Key Configuration:

    • Should we regenerate the API key with specific permissions?
    • Is there an app approval process for trading permissions?
2

Hi @HIMANSHU_1323249 This shouldn’t be happening—the same access token should work for the order placement API as well. Could you please share your 6-digit UCC ?

3

HI @Anand_Sajankar. 406129

4

@HIMANSHU_1323249 It appears that you’re passing an incorrect or malformed access token. double check while passing it in order APIs.

You can also refer to the description for details regarding access token expiration. Get Token | Upstox Developer API

If it’s still not working, you can DM me the complete cURL request for investigate further.

5

import os

import requests

from dotenv import load_dotenv

# Load credentials

load_dotenv(“config/.env”)

ACCESS_TOKEN = os.getenv(“UPSTOX_ACCESS_TOKEN”)

if not ACCESS_TOKEN:

print("Error: UPSTOX_ACCESS_TOKEN not found in .env")

exit(1)

url = “https://api-hft.upstox.com/v3/order/place

payload = {

"instrument_token": "NSE_EQ|INE002A01018",  *# Reliance EQ*

"quantity": 1,

"transaction_type": "BUY",

"order_type": "MARKET",

"product": "I",  *# Intraday*

"validity": "DAY",

"price": 0.0,

"trigger_price": 0.0,

"disclosed_quantity": 0,

"is_amo": False

}

headers = {

'accept': 'application/json',

'Content-Type': 'application/json',

'Authorization': **f**'Bearer {ACCESS_TOKEN}'

}

response = requests.post(url, headers=headers, json=payload)

print(f"Status: {response.status_code}")

print(f"Response: {response.text}")

Status: 401

Response: {“status”:“error”,“errors”:[{“errorCode”:“UDAPI100050”,“message”:“Invalid token used to access API”,“propertyPath”:null,“invalidValue”:null,“error_code”:“UDAPI100050”,“property_path”:null,“invalid_value”:null}]}

6

@Anand_Sajankar Still awaiting response

7

Hi @HIMANSHU_1323249, As the error message indicates that an invalid token is being passed, you’ll need to debug this issue. Please try printing the access_token before calling the order placement API, decode the token on jwt.io, and verify whether it’s valid.

You can also try printing with other APIs and compare the access token.

Also, try using the cURL request below with your access token.

curl --location 'https://api-hft.upstox.com/v3/order/place' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer {your_access_token}' \
--data '{
  "quantity": 1,
  "product": "I",
  "validity": "DAY",
  "price": 0,
  "tag": "string",
  "instrument_token": "NSE_EQ|INE002A01018",
  "order_type": "MARKET",
  "transaction_type": "BUY",
  "disclosed_quantity": 0,
  "trigger_price": 0,
  "is_amo": false,
  "slice": true
}'
8

Hi @Anand_Sajankar,

I tried everything, as I told same is working for all other API’s only issue is with order placement.

Below is the response for the cURL shared by you.

Request either check from your end or resolve over a screensharing session.

Status: 401
Response: {‘status’: ‘error’, ‘errors’: [{‘errorCode’: ‘UDAPI100050’, ‘message’: ‘Invalid token used to access API’, ‘propertyPath’: None, ‘invalidValue’: None, ‘error_code’: ‘UDAPI100050’, ‘property_path’: None, ‘invalid_value’: None}]}

image
image1080×740 46.4 KB