Regarding zerodha ip while Kite login redirects to registered redirect url

Hello all,

We have consumed Zerodha Kite API for our elixir application. We would like to know if we can whitelist Zerodha ip when Kite login redirects to the registered redirect url(mentioned in the dev console). This helps us to expose our registered redirect url only to Zerodha and prevents any security attacks.

If it is possible, please provide us with Zerodha ip which calls the redirects url.

  • sujith
    All our traffic goes through Cloudflare so its not possible to give a set of IPs from which the redirect happens. You can find all the Cloudflare IP ranges here, but its not guaranteed that its from Kite or Zerodha since anyone can send traffic via Cloudflare.
  • srigirinadh
    thanks @sujith. Our redirect url is a public endpoint, anybody with the url can access it. We want to add an additional layer of security, to be sure that it comes only from Zerodha.

    Is there anything which is unique in Zerodha's request that says that it comes only from zerodha. Or any other info which helps us authorize that it is zerodha call.
  • sujith
    You validate by validating the request token.
    PS: How do you validate requests on a public URL? The point of public URL is anybody can send request right?
  • srigirinadh
    yeah, thanks
This discussion has been closed.