User¶
Login flow¶
The login flow starts by navigating to the public Kite login endpoint.
https://kite.zerodha.com/connect/login?v=3&api_key=xxx
A successful login comes back with a request_token as a URL query parameter to the redirect URL registered on the developer console for that api_key. This request_token, along with a checksum (SHA-256 of api_key + request_token + api_secret) is POSTed to the token API to obtain an access_token, which is then used for signing all subsequent requests. In summary:
- Navigate to the Kite Connect login page with the api_key
- A succesful login comes back with a
request_tokento the registered redirect URL - POST the
request_tokenandchecksum(SHA-256 ofapi_key + request_token + api_secret) to/session/token - Obtain the
access_tokenand use that with all subsequent requests
An optional
redirect_paramsparam can be appended to public Kite login endpoint, that will be sent back to the redirect URL. The value is URL encoded query params string, eg:some=X&more=Y). eg:https://kite.zerodha.com/connect/login?v=3&api_key=xxx&redirect_params=some%3DX%26more%3DY
Here's a webinar that shows the login flow and other interactions.
Warning
Never expose your api_secret by embedding it in a mobile app or a client side application. Do not expose the access_token you obtain for a session to the public either.
| type | endpoint | |
|---|---|---|
| POST | /session/token | Authenticate and obtain the access_token after the login flow |
| GET | /user/profile | Retrieve the user profile |
| GET | /user/margins/:segment | Retrieve detailed funds and margin information |
| DELETE | /session/token | Logout and invalidate the API session and access_token |
Authentication and token exchange¶
Once the request_token is obtained from the login flow, it should be POSTed to /session/token to complete the token exchange and retrieve the access_token.
curl https://api.kite.trade/session/token \ -H "X-Kite-Version: 3" \ -d "api_key=xxx" \ -d "request_token=yyy" \ -d "checksum=zzz"
{ "status": "success", "data": { "user_id": "XX000", "user_name": "Kite Connect", "user_shortname": "Kite", "email": "[email protected]", "user_type": "investor", "broker": "ZERODHA", "exchanges": [ "MCX", "BSE", "NSE", "BFO", "NFO", "CDS" ], "products": [ "BO", "CNC", "CO", "MIS", "NRML" ], "order_types": [ "LIMIT", "MARKET", "SL", "SL-M" ], "api_key": "xxxxxx", "access_token": "yyyyyy", "public_token": "zzzzzz", "refresh_token": null, "login_time": "2018-01-01 16:15:14", "avatar_url": null } }
Request parameters¶
| parameter | |
|---|---|
api_key |
The public API key |
request_token |
The one-time token obtained after the login flow. This token's lifetime is only a few minutes and it is meant to be exchanged for an access_token immediately after being obtained |
checksum |
SHA-256 hash of (api_key + request_token + api_secret) |
Response attributes¶
| attribute | |
|---|---|
user_idstring |
The unique, peramanent user id registered with the broker and the exchanges |
user_namestring |
User's real name |
user_shortnamestring |
Shortened version of the user's real name |
emailstring |
User's email |
user_typestring |
User's registered role at the broker. This will be investor for all retail users |
brokerstring |
The broker ID |
exchangesstring[] |
Exchanges enabled for trading on the user's account |
productsstring[] |
Margin product types enabled for the user |
order_typesstring[] |
Order types enabled for the user |
api_keystring |
The API key for which the authentication was performed |
access_tokenstring |
The authentication token that's used to be used with every subsequent request. Unless this is invalidated using the API, or invalidated by a master-logout from the Kite Web trading terminal, it'll expire at 6 AM on the next day (regulatory requirement) |
public_tokenstring |
A token for public session validation where requests may be exposed to the public |
refresh_tokenstring |
A token for getting long standing read permissions. This is only available to certain approved platforms |
login_timestring |
User's last login time |
avatar_urlstring |
Full URL to the user's avatar (PNG image) if there's one |
Signing requests¶
Once the authentication is complete, all requests should be signed with the HTTP Authorization header with token as the authorisation scheme, followed by a space, and then the api_key:access_token combination. For example:
curl -H "Authorization: token api_key:access_token" curl -H "Authorization: token xxx:yyy"
User profile¶
While a successful token exchange returns the full user profile, it's possible to retrieve it any point of time with the /user/profile API. Do note that the profile API does not return any of the tokens.
curl https://api.kite.trade/user/profile \ -H "X-Kite-Version: 3" \ -d "api_key=xxx" \ -d "request_token=yyy"
{ "status": "success", "data": { "user_type": "investor", "email": "[email protected]", "user_name": "Kite Connect", "user_shortname": "Kite", "broker": "ZERODHA", "exchanges": [ "MCX", "BSE", "NSE", "BFO", "NFO", "CDS" ], "products": [ "BO", "CNC", "CO", "MIS", "NRML" ], "order_types": [ "LIMIT", "MARKET", "SL", "SL-M" ] } }
Funds and margins¶
A GET request to /user/margins returns funds, cash, and margin information for the user for equity and commodity segments.
A GET request to /user/margins/:segment returns funds, cash, and margin information for the user. segment in the URI can be either equity or commodity.
curl "https://api.kite.trade/user/margins" \ -H "X-Kite-Version: 3" \ -H 'Authorization: token api_key:access_token'
{ "status": "success", "data": { "equity": { "enabled": true, "net": 24966.7493, "available": { "adhoc_margin": 0, "cash": 25000, "collateral": 0, "intraday_payin": 0 }, "utilised": { "debits": 33.2507, "exposure": 0, "m2m_realised": -0.25, "m2m_unrealised": 0, "option_premium": 0, "payout": 0, "span": 0, "holding_sales": 0, "turnover": 0 } }, "commodity": { "enabled": true, "net": 25000, "available": { "adhoc_margin": 0, "cash": 25000, "collateral": 0, "intraday_payin": 0 }, "utilised": { "debits": 0, "exposure": 0, "m2m_realised": 0, "m2m_unrealised": 0, "option_premium": 0, "payout": 0, "span": 0, "holding_sales": 0, "turnover": 0 } } } }
Response attributes¶
| attribute | |
|---|---|
enabledbool |
Indicates whether the segment is enabled for the user |
netfloat |
Net cash balance available for trading (intraday_payin + adhoc_margin + collateral) |
available.cashfloat |
Raw cash balance in the account available for trading (also includes intraday_payin) |
available.intraday_payinfloat |
Amount that was deposited during the day |
available.adhoc_marginfloat |
Additional margin provided by the broker |
available.collateralfloat |
Margin derived from pledged stocks |
utilised.m2m_unrealisedfloat |
Un-booked (open) intraday profits and losses |
utilised.m2m_realisedfloat |
Booked intraday profits and losses |
utilised.debitsfloat |
Sum of all utilised margins (unrealised M2M + realised M2M + SPAN + Exposure + Premium + Holding sales) |
utilised.spanfloat |
SPAN margin blocked for all open F&O positions |
utilised.option_premiumfloat |
Value of options premium received by shorting |
utilised.holding_salesfloat |
Value of holdings sold during the day |
utilised.exposurefloat |
Exposure margin blocked for all open F&O positions |
utilised.turnoverfloat |
Utilised portion of the maximum turnover limit (only applicable to certain clients) |
utilised.payoutfloat |
Funds paid out or withdrawn to bank account during the day |
Logout¶
This call invalidates the access_token and destroys the API session. After this, the user should be sent through a new login flow before further interactions. This does not log the user out of the official Kite web or mobile applications.
curl --request DELETE \ -H "X-Kite-Version: 3" \ "https://api.kite.trade/session/token?api_key=xxx&access_token=yyy"