TokenException: Incorrect api_key or access_token for Holdings API

Vishal26x
Hey everyone,

I'm currently trying to fetch my portfolio holdings using the Kite Connect API (GET https://api.kite.trade/portfolio/holdings), and I'm consistently running into a TokenException with the message: "Incorrect `api_key` or `access_token`."

I'm on a personal plan for Kite Connect. I've tried to troubleshoot this, but haven't been able to figure out what's going wrong.

Here's what I'm doing and what I've checked so far:

My Setup:

- API Endpoint: GET https://api.kite.trade/portfolio/holdings
- Headers:
  - X-Kite-Version: 3
  - Authorization: token YOUR_API_KEY:YOUR_ACCESS_TOKEN (I'm replacing YOUR_API_KEY and YOUR_ACCESS_TOKEN with my actual values)
- I'm using Postman to send these requests.

Troubleshooting Steps I've Taken:

- Verified API Key and Secret: I've double-checked my api_key and api_secret directly from my Zerodha Developer Console to ensure they are correct.
- Full Authentication Flow: I've manually performed the entire login and token exchange process today (May 29, 2025) to ensure I have a fresh request_token and access_token.
  - I generated the request_token via the Kite login redirect.
  - I then used a POST request to https://api.kite.trade/session/token with my api_key, the new request_token, and a checksum (calculated as SHA-256 of api_key + request_token + api_secret).
  - This POST request successfully returned a new access_token.
- Used Fresh Access Token: Immediately after obtaining the new access_token from the session token exchange, I'm using that exact token in the Authorization header for the /portfolio/holdings request. I've copy-pasted to avoid typos.
- Authorization Header Format: I'm ensuring the Authorization header is exactly token api_key:access_token (with a space after "token" and a colon between the API key and access token).
- No Simultaneous Logins: I'm trying to avoid logging into the Kite web/mobile app at the same time I'm testing the API.

Despite all these checks, I'm still getting the same error.

{
  "status": "error",
  "message": "Incorrect `api_key` or `access_token`.",
  "data": null,
  "error_type": "TokenException"
}

Could anyone please shed some light on what I might be missing, or if there's any other common pitfall for this error, especially with the personal plan?

Thanks in advance for your help!
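
The checksum and Authorization header format described in the post above, as an added example (not part of the original post and not Zerodha's code). The function names and all key and token values are constructed; the lint checks cover general copy-paste formatting mistakes and are not a diagnosis of this error.

```python
import hashlib
import re

def session_checksum(api_key: str, request_token: str, api_secret: str) -> str:
    """SHA-256 hex digest of api_key + request_token + api_secret, as the post describes."""
    joined = api_key + request_token + api_secret
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()

def build_headers(api_key: str, access_token: str) -> dict:
    """Headers in the form the post uses for GET /portfolio/holdings."""
    return {"X-Kite-Version": "3", "Authorization": f"token {api_key}:{access_token}"}

def lint_authorization(value: str) -> list:
    """Return formatting problems in an Authorization value (empty list = well formed)."""
    problems = []
    if value != value.strip():
        problems.append("leading/trailing whitespace or newline")
    if re.search(r"[\"'`<>]", value):
        problems.append("quote, backtick or angle bracket inside the value")
    if "YOUR_" in value:
        problems.append("placeholder text left in place")
    scheme, sep, creds = value.strip().partition(" ")
    if scheme != "token" or not sep:
        problems.append("must start with 'token' followed by a space")
        return problems
    key, colon, token = creds.partition(":")
    if not colon or not key or not token:
        problems.append("credentials must be api_key:access_token")
    elif re.search(r"\s", creds) or ":" in token:
        problems.append("whitespace or extra colon inside api_key:access_token")
    return problems

def redact(value: str) -> str:
    """Mask the credentials so the header can be logged or pasted into a forum post."""
    scheme, _, creds = value.strip().partition(" ")
    key, _, _token = creds.partition(":")
    return f"{scheme} {key[:4]}...:{'*' * 8}"

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    api_key, api_secret = "abcd1234examplekey", "constructed-secret"
    request_token, access_token = "constructed-request-token", "constructed-access-token"
    print("checksum:", session_checksum(api_key, request_token, api_secret))
    pasted = build_headers(api_key, access_token)["Authorization"] + "\n"  # stray newline
    print("header  :", redact(pasted))
    print("problems:", lint_authorization(pasted))
```
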