Hi @Himanshul_Keshri, The Access Token Request API is solely for initiating a token request. Please ensure you have completed the token approval step through the Upstox app / web. You will only receive webhook updates after the token request is approved.
Kindly follow the steps outlined in the documentation for guidance.
hello sir , thankyou for the reply but i have aproved it more than a time and also tested but didnt get access token saved in my database , as the website documentation i was thout it may me payload issue but i directly stringify the body got from you in my api and saving but same no any data is saved , check all issue like cors n all so issue is not from my end
@Himanshul_Keshri thanks for sharing the details.
The URL you shared is currently blocked by our organization’s firewall, which is why no updates are being received from it. We will need to check if this URL can be whitelisted and will get back to you.
Thank you, sir. However, could you clarify if the notifier URL is blocked for each new user? The documentation does not mention this. If possible, please whitelist the URL or suggest an alternative way to proceed.
@Himanshul_Keshri The URLs are not blocked for all new users. It depends on specific rules applied to the domain, which we typically resolve through whitelisting.
We are exploring solutions to automate this process or determine the most efficient approach.
Good morning, team.
The webhook functionality for Access Token Requests for Users seems well-designed, but the process is not fully automated as expected.
Despite following all the manuals, users are still required to open their developer account and manually approve the access token request.
I’m unclear why this verification step is necessary, considering the API call already includes both the clientId and secretKey.
Ideally, it should directly trigger the notifier to send a notification, streamlining the automation process.
Thank you for bringing up this question. Our goal is to ensure the developer experience is as seamless as possible, and this is one of our efforts toward that.
Accessing the access token via the URL requires explicit authorization from the account owner in compliance with regulatory guidelines. Although clientId and secretKey are necessary to make this call,