Handling Multiple Account Logins and Access Token Issues in a Custom Webapp

rashmin31
Hello everyone,

I'm developing a personal trading application using React and have integrated it with multiple Zerodha Kite accounts for my family members. Each user account in my application can be linked to multiple Kite accounts, with their respective API and Secret keys stored securely in our database.

Here's how our setup works:

1. Each Kite account is associated with a 'Terminal' switch in our interface. When turned on, the system logs into Kite using the specified client ID.
2. Upon successful login, the 'Terminal' switch is disabled to prevent logout and allow the reuse of the access token throughout the day.
3. We maintain separate sessions for each account by opening the application in different browsers.




Issue:
Everything functions correctly on the initial login, as the client ID is passed during the 'Terminal' switch activation. However, if a user logs out of our application in one browser, it closes the session for that specific broker. On subsequent logins, the access token for that broker is already in our database, but since the 'Terminal' switch is disabled post-login, new logins cannot trigger it without manually re-enabling the switch, which poses a challenge in identifying which broker was logged out to handle the client ID passing.

Question:
How can I efficiently track or manage logout events per broker to ensure that the client ID can be appropriately passed when a user logs in again, without manually re-enabling the switch? Is there a more streamlined approach to handle session management and access token re-use across multiple browsers and sessions?

Any advice or insights on how to better manage this scenario would be greatly appreciated!

Thank you!
  • kakush30
    kakush30 edited July 2024
    I guess you are using Python in the backend.

    I don't get it: what is the role of the browser after you got the request_token and access_token? Why are you creating sessions in the browser? Are you using Selenium? But why are you using Selenium to automate the tasks when you can simply use the Kite APIs?

    Why do you need session management on multiple browsers? Just use the Kite API.
    Are you trying to obfuscate the real question, and actually want to do automatic login, which is not advisable BTW?
  • rashmin31
    I am using a Python backend to create APIs that interact with my frontend. On my frontend application, I want to see the current PnLs of the strategies running on all my family accounts in one place.

    I am not using Selenium. It seems there might have been a misunderstanding. I am creating my own frontend where I log into the application and save the API Key and Secret for all my accounts under one user (one-to-many mapping). On the initial login, the broker ID is known, but to avoid access_token issues, I am preventing logout. This is to ensure that if any family member accesses the frontend, they won't mistakenly log out by clicking on it.

    Challenge:
    After a user logs out and logs in again, the broker ID is lost, making it challenging to manage which access token to use for which broker ID. This issue affects the interaction with the Kite APIs and the UI state (especially the disabled 'Terminal' switch).
  • kakush30
    What does access_token validity have to do with you logging out from your frontend, unless you are invalidating your access_token?
    https://kite.trade/docs/connect/v3/user/#logout

    The access_token is valid for the full day; just store the access_token with Kite's user id and a timestamp in your database (Redis, Postgres or whatever you like), and build the logic in your program according to that. What is so difficult about it?
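
One way to implement the storage suggested in the last reply, as an added example that is not code from any poster in this thread: the backend keeps one row per (app user, Kite user id) with the token and its timestamp, and rebuilds the 'Terminal' switch state from that table on every app login. The table name, function names and the same-day-in-IST freshness check are assumptions made for the example.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumption: "today" is judged in IST; the thread only says a token lasts the day.
IST = timezone(timedelta(hours=5, minutes=30))

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    # One row per (app user, Kite user id); the token is a credential, so keep
    # this table server-side and protect it like the API secrets.
    db.execute("""CREATE TABLE IF NOT EXISTS kite_sessions (
        app_user TEXT NOT NULL, kite_user_id TEXT NOT NULL,
        access_token TEXT NOT NULL, issued_at TEXT NOT NULL,
        PRIMARY KEY (app_user, kite_user_id))""")
    return db

def save_token(db, app_user, kite_user_id, access_token, now=None):
    """Record the token right after the Kite login completes for this account."""
    issued = (now or datetime.now(IST)).isoformat()
    db.execute("INSERT OR REPLACE INTO kite_sessions VALUES (?, ?, ?, ?)",
               (app_user, kite_user_id, access_token, issued))
    db.commit()

def _issued_today(issued_at, now):
    issued = datetime.fromisoformat(issued_at).astimezone(IST)
    return issued.date() == now.astimezone(IST).date()

def terminal_states(db, app_user, now=None):
    """On app login, rebuild every 'Terminal' switch from the database.

    Returns {kite_user_id: True if a token from today exists}; no token is
    returned, so nothing sensitive has to reach the browser.
    """
    now = now or datetime.now(IST)
    rows = db.execute("SELECT kite_user_id, issued_at FROM kite_sessions "
                      "WHERE app_user = ?", (app_user,))
    return {uid: _issued_today(ts, now) for uid, ts in rows}

def token_for(db, app_user, kite_user_id, now=None):
    """Token for backend Kite API calls, or None when a fresh login is needed."""
    now = now or datetime.now(IST)
    row = db.execute("SELECT access_token, issued_at FROM kite_sessions "
                     "WHERE app_user = ? AND kite_user_id = ?",
                     (app_user, kite_user_id)).fetchone()
    return row[0] if row and _issued_today(row[1], now) else None
```

Logging out of the app only ends the app's own session and leaves this table untouched, so the next login in any browser gets the same switch states back without the client ID having to be passed again.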