V2.0 login/authorization/token fails to fetch auth token

Hi
I have opened the ticket

ID[#7775170]

To add clarity
Authorization API was tried using both CURL and Python http requests. API fails to fetch session token

url=“https://api-v2.upstox.com/login/authorization/token

headers ={
‘accept’: ‘application/json’,
‘Api-Version’: ‘2.0’,
‘Content-Type’: ‘application/x-www-form-urlencoded’
}

data ={
‘code’ : CODE,
‘client_id’ : ‘dc2924ef-4d21-4dab-8604-2b4d426f4444’,
‘client_secret’: ‘xxxxxxx’,
‘redirect_uri’ : ‘https://www.mywealthspinner.com’,
‘grant_type’: ‘authorization_code’
}

response =requests.post(url,headers,data)
jsonresponse = response.json()

{‘status’: ‘error’, ‘errors’: [{‘errorCode’: ‘UDAPI10000’, ‘message’: ‘This request is not supported by Upstox API’, ‘propertyPath’: None, ‘invalidValue’: None, ‘error_code’: ‘UDAPI10000’, ‘property_path’: None, ‘invalid_value’: None}]}

Trying to use the API V2 Python. Still getting the same error
pi_instance = upstox_client.LoginApi()
api_version = ‘v2’ # str | API Version Header
code = CODE # str | (optional)
client_id = CLIENTID # str | (optional)
client_secret = CLIENT_SECRET # str | (optional)
redirect_uri = REDIRECTURL # str | (optional)
grant_type = GRANTTYPE # str | (optional)

try:
# Get token API
api_response = api_instance.token(api_version, code=code, client_id=client_id, client_secret=client_secret, redirect_uri=redirect_uri, grant_type=grant_type)
pprint(api_response)
except ApiException as e:
print(“Exception when calling LoginApi->token: %s\n” % e)

Error

Exception when calling LoginApi->token: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({‘Date’: ‘Sat, 22 Jul 2023 11:06:58 GMT’, ‘Content-Type’: ‘application/json’, ‘Transfer-Encoding’: ‘chunked’, ‘Connection’: ‘keep-alive’, ‘Vary’: ‘Origin, Access-Control-Request-Method, Access-Control-Request-Headers’, ‘message’: ‘request failed’, ‘requestId’: ‘398e811b-ac60-49e3-be47-b16d8a7d5f9d’, ‘X-Content-Type-Options’: ‘nosniff’, ‘X-XSS-Protection’: ‘1; mode=block’, ‘Cache-Control’: ‘no-cache, no-store, max-age=0, must-revalidate’, ‘Pragma’: ‘no-cache’, ‘Expires’: ‘0’, ‘Strict-Transport-Security’: ‘max-age=0; includeSubDomains’, ‘X-Frame-Options’: ‘DENY’, ‘CF-Cache-Status’: ‘DYNAMIC’, ‘Set-Cookie’: ‘_cfuvid=SCig6U0dvIycI_TKtnFHIEoTkkdRtFeLguXzeDFR9xI-1690024018785-0-604800000; path=/; domain=.upstox.com; HttpOnly; Secure; SameSite=None’, ‘Server’: ‘cloudflare’, ‘CF-RAY’: ‘7eab37a50e8c3c06-BLR’})
HTTP response body: b’{“status”:“error”,“errors”:[{“errorCode”:“UDAPI100057”,“message”:“Invalid Auth code”,“propertyPath”:null,“invalidValue”:null,“error_code”:“UDAPI100057”,“property_path”:null,“invalid_value”:null}]}’

{‘status’: ‘error’, ‘errors’: [{‘errorCode’: ‘UDAPI10000’, ‘message’: ‘This request is not supported by Upstox API’, ‘propertyPath’: None, ‘invalidValue’: None, ‘error_code’: ‘UDAPI10000’, ‘property_path’: None, ‘invalid_value’: None}]}

Thank you for raising the ticket. We will thoroughly examine the issue related to your UCC and promptly respond with our findings on the ticket.

Here is a sample curl request

curl --location 'https://api-v2.upstox.com/login/authorization/token' \
--header 'accept: application/json' \
--header 'Api-Version: 2.0' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'code=xxx' \
--data-urlencode 'client_id=xxx' \
--data-urlencode 'client_secret=xxx' \
--data-urlencode 'redirect_uri=https://localhost' \
--data-urlencode 'grant_type=authorization_code'

Pradeep

I have tried CURL, Plain Http and python client side function …
Can some one help … it may take 5 mins to resolve

Thanks
Kumar

Here’s the revised and working version of your code with explicit mention of the “headers” and “data” variables:

import requests

url = "https://api-v2.upstox.com/login/authorization/token"

headers = {
    "accept": "application/json",
    "Api-Version": "2.0",
    "Content-Type": "application/x-www-form-urlencoded",
}

data = {
    "code": "XXX",
    "client_id": "XXX",
    "client_secret": "XXX",
    "redirect_uri": "{{your_redurect_url}}",
    "grant_type": "authorization_code",
}

response = requests.post(url, headers=headers, data=data)
jsonresponse = response.json()

You can find more information about the “requests” library for Python in the official documentation here: Quickstart — Requests 2.31.0 documentation

Pradeep

Any update on the issue ?

Thanks
Kumar

For the error “This request is not supported by Upstox API issue” as mentioned in the previous response, it is necessary to include the “headers” and “data” variables explicitly when making the API call via requests.post

response = requests.post(url, headers=headers, data=data)

You should not face the issue of This request is not supported… via the SDK.

If you encounter an “Invalid Auth” error, kindly raise a support ticket by visiting this link: https://help.upstox.com/support/tickets/new. Please provide your UCC (Unique Client Code) and other relevant information in the ticket. Our team will conduct an investigation and respond to your query accordingly.

Pradeep

Following are the two rockets which are raised already. I believe raising tickets isnt helping anymore
#7777258
#7775170

I am using python code, still error is same.

Thanks
Kumar

Thank you for providing the ticket ID. Our team will review it and respond.

Dude, Any update ?

Thanks
Kumar

Please check ticket number:: 7775170

According to our internal records, we observed that on the 24th, there were two instances of ‘Invalid Auth code’ errors encountered during your /token requests.

This error typically arises when the authentication code received during redirection has already been used to generate a token. Any further attempts to generate a token using the same auth code will trigger this particular error.

Let us know in case of an issue on the ticket. Thanks

@Kumar_M

Can you help me with the URL that you use to initiate login?

Hi

URL to fetch CODE :
https://api.upstox.com/index/dialog/authorize?apiKey=6ddb5ad2-3180-49f8-a456-7f0f5a19cd4b&redirect_uri=https://127.0.0.1&response_type=code

Thanks
Kumar

@Kumar_M The problem’s right there.

The URL you’ve been using is for Upstox API v1. The following should work fine for the v2 version.

https://api-v2.upstox.com/login/authorization/dialog?response_type=code&client_id=6ddb5ad2-3180-49f8-a456-7f0f5a19cd4b&redirect_uri=https://127.0.0.1

Please try with the above URL and let us know if it works.

Wow! Thanks. The new URL did the magic.

Please update the 2.0 Documentation on the new URL.

Thanks
Kumar

what is grant_type or auth code ?

In OAuth, grant types are how an application can obtain an access token to interact with a protected resource. We are using authorization-code. For more details please refer links

You also do not need response_type=code

Refer - https://github.com/aeron7/upstox-api-pro/blob/main/Upstox_API_Integration_Part_I.ipynb

api_key = ""
redirect_uri = ""

# Construct the login URL
login_url = "https://api-v2.upstox.com/login/authorization/dialog?response_type=code&client_id={}&redirect_uri={}".format(api_key, redirect_uri)

Also, you can use any link on earth in the redirect URL. It is not a pressing issue. You do not need localhost

@Pradeep_Jaiswar
I am facing similar issue, in my case i have used V2 api as above,

need your support, I have created following ticket too

#8040425

code is
from future import print_function
import upstox_client
import requests

create an instance of the API class

api_instance = upstox_client.LoginApi()
client_id = ‘50da07b7-113e-4f5e-ba3f-XXXXXX’ # str |
redirect_uri = ‘https://127.0.0.1’ # str |
api_version = ‘2.0’ # str | API Version Header
state = ‘state_example’ # str | (optional)
scope = ‘scope_example’ # str | (optional)
url = “https://api-v2.upstox.com/login/authorization/dialog
code = ‘code’ # str | (optional)

payload = {“client_id”: client_id,
“redirect_uri”: redirect_uri,
“state”: state,
“response_type”: code}
headers = {“Api-Version”: api_version}

requests.request(“GET”, url, headers=headers, params=payload)

client_secret = ‘XXXXX’ # str | (optional)

redirect_uri = ‘redirect_uri_example’ # str | (optional)

grant_type = ‘authorization_code’ # str | (optional)

url = “https://api-v2.upstox.com/login/authorization/token

payload={“code”: code,
“client_id”: client_id,
“client_secret”: client_secret,
“redirect_uri”: redirect_uri,
“grant_type”: grant_type}
headers = {
‘Content-Type’: ‘application/x-www-form-urlencoded’,
‘accept’: ‘application/json’,
“Api-Version”: api_version
}

response = requests.request(“POST”, url, headers=headers, data=payload)

print(response.json())

Following is the error
{‘status’: ‘error’, ‘errors’: [{‘errorCode’: ‘UDAPI100057’, ‘message’: ‘Invalid Auth code’, ‘propertyPath’: None, ‘invalidValue’: None, ‘error_code’: ‘UDAPI100057’, ‘property_path’: None, ‘invalid_value’: None}]}

@sameercn

The ‘Invalid Auth code’ error arises when the code provided to the Token API is incorrect. Potential reasons include:

  1. The code might not have been produced through the Upstox API’s Authorize method.
  2. The code, once generated from the Authorization procedure, might have been previously utilized with the Token API.

Remember: Regardless of the API’s success on its first attempt, the auth code is good for only one use and won’t work for subsequent tries.

Hope this clarifies things. Please let me know if you have further questions.

Thank you!