V2.0 login/authorization/token fails to fetch auth token

I have opened the ticket


To add clarity
Authorization API was tried using both CURL and Python http requests. API fails to fetch session token


headers ={
‘accept’: ‘application/json’,
‘Api-Version’: ‘2.0’,
‘Content-Type’: ‘application/x-www-form-urlencoded’

data ={
‘code’ : CODE,
‘client_id’ : ‘dc2924ef-4d21-4dab-8604-2b4d426f4444’,
‘client_secret’: ‘xxxxxxx’,
‘redirect_uri’ : ‘https://www.mywealthspinner.com’,
‘grant_type’: ‘authorization_code’

response =requests.post(url,headers,data)
jsonresponse = response.json()

{‘status’: ‘error’, ‘errors’: [{‘errorCode’: ‘UDAPI10000’, ‘message’: ‘This request is not supported by Upstox API’, ‘propertyPath’: None, ‘invalidValue’: None, ‘error_code’: ‘UDAPI10000’, ‘property_path’: None, ‘invalid_value’: None}]}

Trying to use the API V2 Python. Still getting the same error
pi_instance = upstox_client.LoginApi()
api_version = ‘v2’ # str | API Version Header
code = CODE # str | (optional)
client_id = CLIENTID # str | (optional)
client_secret = CLIENT_SECRET # str | (optional)
redirect_uri = REDIRECTURL # str | (optional)
grant_type = GRANTTYPE # str | (optional)

# Get token API
api_response = api_instance.token(api_version, code=code, client_id=client_id, client_secret=client_secret, redirect_uri=redirect_uri, grant_type=grant_type)
except ApiException as e:
print(“Exception when calling LoginApi->token: %s\n” % e)


Exception when calling LoginApi->token: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({‘Date’: ‘Sat, 22 Jul 2023 11:06:58 GMT’, ‘Content-Type’: ‘application/json’, ‘Transfer-Encoding’: ‘chunked’, ‘Connection’: ‘keep-alive’, ‘Vary’: ‘Origin, Access-Control-Request-Method, Access-Control-Request-Headers’, ‘message’: ‘request failed’, ‘requestId’: ‘398e811b-ac60-49e3-be47-b16d8a7d5f9d’, ‘X-Content-Type-Options’: ‘nosniff’, ‘X-XSS-Protection’: ‘1; mode=block’, ‘Cache-Control’: ‘no-cache, no-store, max-age=0, must-revalidate’, ‘Pragma’: ‘no-cache’, ‘Expires’: ‘0’, ‘Strict-Transport-Security’: ‘max-age=0; includeSubDomains’, ‘X-Frame-Options’: ‘DENY’, ‘CF-Cache-Status’: ‘DYNAMIC’, ‘Set-Cookie’: ‘_cfuvid=SCig6U0dvIycI_TKtnFHIEoTkkdRtFeLguXzeDFR9xI-1690024018785-0-604800000; path=/; domain=.upstox.com; HttpOnly; Secure; SameSite=None’, ‘Server’: ‘cloudflare’, ‘CF-RAY’: ‘7eab37a50e8c3c06-BLR’})
HTTP response body: b’{“status”:“error”,“errors”:[{“errorCode”:“UDAPI100057”,“message”:“Invalid Auth code”,“propertyPath”:null,“invalidValue”:null,“error_code”:“UDAPI100057”,“property_path”:null,“invalid_value”:null}]}’

{‘status’: ‘error’, ‘errors’: [{‘errorCode’: ‘UDAPI10000’, ‘message’: ‘This request is not supported by Upstox API’, ‘propertyPath’: None, ‘invalidValue’: None, ‘error_code’: ‘UDAPI10000’, ‘property_path’: None, ‘invalid_value’: None}]}

Thank you for raising the ticket. We will thoroughly examine the issue related to your UCC and promptly respond with our findings on the ticket.

Here is a sample curl request

curl --location 'https://api-v2.upstox.com/login/authorization/token' \
--header 'accept: application/json' \
--header 'Api-Version: 2.0' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'code=xxx' \
--data-urlencode 'client_id=xxx' \
--data-urlencode 'client_secret=xxx' \
--data-urlencode 'redirect_uri=https://localhost' \
--data-urlencode 'grant_type=authorization_code'


I have tried CURL, Plain Http and python client side function …
Can some one help … it may take 5 mins to resolve


Here’s the revised and working version of your code with explicit mention of the “headers” and “data” variables:

import requests

url = "https://api-v2.upstox.com/login/authorization/token"

headers = {
    "accept": "application/json",
    "Api-Version": "2.0",
    "Content-Type": "application/x-www-form-urlencoded",

data = {
    "code": "XXX",
    "client_id": "XXX",
    "client_secret": "XXX",
    "redirect_uri": "{{your_redurect_url}}",
    "grant_type": "authorization_code",

response = requests.post(url, headers=headers, data=data)
jsonresponse = response.json()

You can find more information about the “requests” library for Python in the official documentation here: Quickstart — Requests 2.31.0 documentation


Any update on the issue ?


For the error “This request is not supported by Upstox API issue” as mentioned in the previous response, it is necessary to include the “headers” and “data” variables explicitly when making the API call via requests.post

response = requests.post(url, headers=headers, data=data)

You should not face the issue of This request is not supported… via the SDK.

If you encounter an “Invalid Auth” error, kindly raise a support ticket by visiting this link: https://help.upstox.com/support/tickets/new. Please provide your UCC (Unique Client Code) and other relevant information in the ticket. Our team will conduct an investigation and respond to your query accordingly.


Following are the two rockets which are raised already. I believe raising tickets isnt helping anymore

I am using python code, still error is same.


Thank you for providing the ticket ID. Our team will review it and respond.

Dude, Any update ?


Please check ticket number:: 7775170

According to our internal records, we observed that on the 24th, there were two instances of ‘Invalid Auth code’ errors encountered during your /token requests.

This error typically arises when the authentication code received during redirection has already been used to generate a token. Any further attempts to generate a token using the same auth code will trigger this particular error.

Let us know in case of an issue on the ticket. Thanks


Can you help me with the URL that you use to initiate login?


URL to fetch CODE :


@Kumar_M The problem’s right there.

The URL you’ve been using is for Upstox API v1. The following should work fine for the v2 version.


Please try with the above URL and let us know if it works.

Wow! Thanks. The new URL did the magic.

Please update the 2.0 Documentation on the new URL.


what is grant_type or auth code ?

In OAuth, grant types are how an application can obtain an access token to interact with a protected resource. We are using authorization-code. For more details please refer links

You also do not need response_type=code

Refer - https://github.com/aeron7/upstox-api-pro/blob/main/Upstox_API_Integration_Part_I.ipynb

api_key = ""
redirect_uri = ""

# Construct the login URL
login_url = "https://api-v2.upstox.com/login/authorization/dialog?response_type=code&client_id={}&redirect_uri={}".format(api_key, redirect_uri)

Also, you can use any link on earth in the redirect URL. It is not a pressing issue. You do not need localhost

I am facing similar issue, in my case i have used V2 api as above,

need your support, I have created following ticket too


code is
from future import print_function
import upstox_client
import requests

create an instance of the API class

api_instance = upstox_client.LoginApi()
client_id = ‘50da07b7-113e-4f5e-ba3f-XXXXXX’ # str |
redirect_uri = ‘’ # str |
api_version = ‘2.0’ # str | API Version Header
state = ‘state_example’ # str | (optional)
scope = ‘scope_example’ # str | (optional)
url = “https://api-v2.upstox.com/login/authorization/dialog
code = ‘code’ # str | (optional)

payload = {“client_id”: client_id,
“redirect_uri”: redirect_uri,
“state”: state,
“response_type”: code}
headers = {“Api-Version”: api_version}

requests.request(“GET”, url, headers=headers, params=payload)

client_secret = ‘XXXXX’ # str | (optional)

redirect_uri = ‘redirect_uri_example’ # str | (optional)

grant_type = ‘authorization_code’ # str | (optional)

url = “https://api-v2.upstox.com/login/authorization/token

payload={“code”: code,
“client_id”: client_id,
“client_secret”: client_secret,
“redirect_uri”: redirect_uri,
“grant_type”: grant_type}
headers = {
‘Content-Type’: ‘application/x-www-form-urlencoded’,
‘accept’: ‘application/json’,
“Api-Version”: api_version

response = requests.request(“POST”, url, headers=headers, data=payload)


Following is the error
{‘status’: ‘error’, ‘errors’: [{‘errorCode’: ‘UDAPI100057’, ‘message’: ‘Invalid Auth code’, ‘propertyPath’: None, ‘invalidValue’: None, ‘error_code’: ‘UDAPI100057’, ‘property_path’: None, ‘invalid_value’: None}]}


The ‘Invalid Auth code’ error arises when the code provided to the Token API is incorrect. Potential reasons include:

  1. The code might not have been produced through the Upstox API’s Authorize method.
  2. The code, once generated from the Authorization procedure, might have been previously utilized with the Token API.

Remember: Regardless of the API’s success on its first attempt, the auth code is good for only one use and won’t work for subsequent tries.

Hope this clarifies things. Please let me know if you have further questions.

Thank you!