I'm currently trying to fetch my portfolio holdings using the Kite Connect API (GET https://api.kite.trade/portfolio/holdings), and I'm consistently running into a TokenException with the message: "Incorrect `api_key` or `access_token`."
I'm on a personal plan for Kite Connect. I've tried to troubleshoot this, but haven't been able to figure out what's going wrong.
Here's what I'm doing and what I've checked so far:
My Setup:
API Endpoint: GET https://api.kite.trade/portfolio/holdings
Headers:
X-Kite-Version: 3
Authorization: token YOUR_API_KEY:YOUR_ACCESS_TOKEN (I'm replacing YOUR_API_KEY and YOUR_ACCESS_TOKEN with my actual values)
I'm using Postman to send these requests.
Troubleshooting Steps I've Taken:
Verified API Key and Secret: I've double-checked my api_key and api_secret directly from my Zerodha Developer Console to ensure they are correct.
Full Authentication Flow: I've manually performed the entire login and token exchange process today (May 29, 2025) to ensure I have a fresh request_token and access_token. I generated the request_token via the Kite login redirect. I then used a POST request to https://api.kite.trade/session/token with my api_key, the new request_token, and a checksum (calculated as SHA-256 of api_key + request_token + api_secret). This POST request successfully returned a new access_token.
Used Fresh Access Token: Immediately after obtaining the new access_token from the session token exchange, I'm using that exact token in the Authorization header for the /portfolio/holdings request. I've copy-pasted to avoid typos.
Authorization Header Format: I'm ensuring the Authorization header is exactly token api_key:access_token (with a space after "token" and a colon between the API key and access token).
No Simultaneous Logins: I'm trying to avoid logging into the Kite web/mobile app at the same time I'm testing the API.
Despite all these checks, I'm still getting the same error.
JSON
{
  "status": "error",
  "message": "Incorrect `api_key` or `access_token`.",
  "data": null,
  "error_type": "TokenException"
}
Could anyone please shed some light on what I might be missing, or if there's any other common pitfall for this error, especially with the personal plan?
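The checksum and Authorization header described in the post, with a local pre-flight check for copy-paste formatting problems, as an added example that is not part of the original post. The function names and sample values are constructed, and the check assumes credentials consist only of ASCII letters and digits.

```python
import hashlib

PLACEHOLDERS = {"YOUR_API_KEY", "YOUR_ACCESS_TOKEN"}  # literals from the post


def session_checksum(api_key: str, request_token: str, api_secret: str) -> str:
    """SHA-256 hex digest of api_key + request_token + api_secret, as the post describes."""
    return hashlib.sha256((api_key + request_token + api_secret).encode()).hexdigest()


def auth_headers(api_key: str, access_token: str) -> dict:
    """Headers in the shape the post uses for /portfolio/holdings."""
    return {"X-Kite-Version": "3", "Authorization": f"token {api_key}:{access_token}"}


def header_problems(value: str) -> list:
    """List formatting problems in an Authorization value without echoing secrets."""
    problems = []
    if value != value.strip():
        problems.append("leading/trailing whitespace")
    scheme, sep, creds = value.strip().partition(" ")
    if scheme != "token" or not sep:
        problems.append("scheme is not 'token' followed by one space")
        return problems
    key, colon, token = creds.partition(":")
    if not colon:
        problems.append("no ':' between api_key and access_token")
        return problems
    for name, part in (("api_key", key), ("access_token", token)):
        if not part:
            problems.append(f"{name} is empty")
        elif part in PLACEHOLDERS:
            problems.append(f"{name} is still a placeholder")
        elif not (part.isascii() and part.isalnum()):  # assumption: alphanumeric only
            problems.append(f"{name} contains whitespace, quotes or other stray characters")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    headers = auth_headers("abcd1234efgh5678", "ZyXw9876vuTs5432")
    print(header_problems(headers["Authorization"]) or "header format OK")
    print(header_problems("token abcd1234efgh5678:{{access_token}}"))
```

A clean result only confirms the header is well formed; it says nothing about whether the server still considers the token valid.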