Starting October 3, 2021, order placements via the Kite Connect API will require the respective accounts to have 2FA TOTP enabled. This does not involve any changes to any of the APIs. You just have to enable 2FA TOTP on the Zerodha account with which you log in to Kite Connect. Without this, orders will not go through.
This is in line with the SEBI Cyber Security regulations and the increased cyber security threat levels in recent times. Moreover, the entire industry may move to mandatory physical 2FA for all logins in the near future.
Why now? A huge rise in cyber security incidents. Every trading platform, API or not, is mandated to have 2FA, as the circular says. We already enforce it for certain kinds of trades based on risk. SEBI is aware that the industry at large does not implement 2FA according to the original guidelines, and there are indications that it will be enforced soon. When we mandated TOTP for risky trades, phishing and fraud complaints, which were a regular feature, went down to practically zero. Industry-wide 2FA will significantly reduce fraud and other unregulated activities.