I would like to understand how the new SEBI rules that are going to take effect from 01 August, 2025 affect usage of the APIs for non-algo purposes like integrating APIs for running a manually used trading terminal.
@developer, this shouldn't be an issue for a platform. You will already have some kind of static address; you may use that to get whitelisted on Kite Connect.
@sujith what happens if we use functions, say AWS Lambda, for order execution, where the IP is not static, or even Elastic Beanstalk, where your system IP changes frequently? I think you should provide a way to whitelist IP addresses through the API.
You'll have to use a service with a static IP. If the frequency of change in IP isn't too high, you can manually update it. Allowing change of IP with an API is not something I think is in the spirit of this regulation.
@Matti The problem with taking a static IP from local ISPs is that if there is an internet outage, we cannot do much. Currently, if there is an internet outage, I can immediately switch to a different ISP (for example, I switch from BSNL to Airtel). Switching ISP changes the IP address of the machine.
How would we handle this scenario when static IP becomes mandatory?
@namratasonawane, you will have to enter the new IP on the developers console to get it whitelisted. It is not like internet will go off everyday. This is not something we are doing, it is a regulatory requirement. Hence all the brokers need to adhere to it.
@sujith I understand that this is not something that only Zerodha is doing. However, this static IP mandate is going to add too much unnecessary overhead. At the same time, traders will be carrying the risk of losing the internet. Even if we can add another IP on the console, that takes time and would be an inconvenience. An automated trading system is designed to work in an automated manner; more manual interventions would lead to unreliable systems.
I hope you guys convey the feedback to the regulators.
There is no way these regulatory actions would stop people from getting duped. The basic problem is greed; as long as people are greedy, they will always fall prey to frauds.
These regulations are going to negatively impact those who are trying to make a living by having their own trading system. This obviously negatively affects business of brokers as well.
A basic virtual machine along with a static IP costs around 2.5 to 3 thousand on AWS or Google Cloud. Add to that the cost of APIs, 2 thousand/month. The total cost comes to 4.5 to 5k per month (around 60k per year). So we are paying more and getting more unreliability into our systems.
The other costs like taxes, brokerages have also gone up. You guys also know that only around 5% of the traders are profitable. This will lead to more people stopping their trading activities altogether.
@namratasonawane all these concerns were discussed with the regulator. After a lot of back and forth, this was the least painful solution. The most painful being just all APIs being disallowed.
@sujith@Matti I use Kite API for data analysis only and place orders manually. I suppose this static IP requirement is only for placing API orders. If so, is it possible for Kite to release an API that only provides data by websockets?
Kite Connect is a suite of execution APIs that we are allowed to offer as brokers. A data-only API would require us to be data vendors, which we are not.
After successful login, the redirect URL is that of the server with the registered static IP on the Kite developer console.
My server (the one with the static IP) requests the access token.
All API-based trading happens from my server (the one with the registered static IP).
Is this how you will implement it? I believe this is how it should ideally be implemented as in this process all API based trading is happening from static IP only.
Advantages:
1. It makes it easier for me to login as I do not have to manually login to my VM everyday
2. It reduces my VM costs as most VMs with UI have higher costs
Use-case 1: That would be another blow. I think it is better if you get this point clarified. Normally, if I have my website and it is being accessed by me via a browser, I am providing a Login button on my website; once I click Login, I am redirected to Zerodha's website. In this use-case, login will always happen from the user's local IP.
If this is not allowed, then how would your Fintech vendors allow OAuth login? Clearly a fintech vendor cannot ask users to login to their server and use a browser to do OAuth based login.
Use-case 2: Another major concern is whether same trading account can be accessed by multiple IPs (via multiple API keys)?
Say if a user wants to use his account with multiple fintech vendors, how would this work? Currently many brokers allow you to create multiple applications on api dashboard (which is nothing but multiple API keys). So will Zerodha allow this use-case or not?
Use-case 3: If anyone has made his custom trading platform for "manual trading", would even that have to be approved as an algo? Or can such use-cases use APIs without static IP and strategy/algo approval?
The static IP leads to many such use-cases which are completely missed in the regulations & it is causing so much uncertainty.
Fintech vendors will have vendor APIs where this will not be a problem. This static IP/client IP problem won't exist in that setup. The controls for vendors are different.
If anyone has made his custom trading platform for "manual trading", would even that have to be approved as an algo? Or can such use-cases use APIs without static IP and strategy/algo approval?
We don't have details on this yet, but this hopefully will not need algo registration as long as this platform doesn't give advice in any form (for ex. "trade ideas", "popular strategies").
We are a SEBI-registered advisory company; is this restriction still applicable to us?
This shouldn't be an issue for a platform, you will already have some kind of static address you may use that to get whitelisted on Kite Connect.
We used the Publisher API for order placement and the REST API for margin and order book.
If I have a linux VM which is console based and does not have UI, then how can I login using OAuth on that VM?
Is there a way wherein I can log-in from my local PC & have my strategy run on my linux box hosted in a cloud?
If I have a linux VM which is console based and does not have UI, then how can I login using OAuth on that VM?
Is there a way wherein I can log-in from my local PC & have my strategy run on my linux box hosted in a cloud?
Using a console based OS reduces cost when obtaining a VM.
Posting this query again, as this is a prime concern for me and I have not got any response.
Advantages:
1. It makes it easier for me to login as I do not have to manually login to my VM everyday
2. It reduces my VM costs as most VMs with UI have higher costs
Use-case 1:
That would be another blow. I think it is better if you get this point clarified. Normally, if I have my website and it is being accessed by me via a browser, I am providing a Login button on my website; once I click Login, I am redirected to Zerodha's website. In this use-case, login will always happen from the user's local IP.
If this is not allowed, then how would your Fintech vendors allow OAuth login? Clearly a fintech vendor cannot ask users to login to their server and use a browser to do OAuth based login.
Use-case 2:
Another major concern is whether same trading account can be accessed by multiple IPs (via multiple API keys)?
Say if a user wants to use his account with multiple fintech vendors, how would this work? Currently many brokers allow you to create multiple applications on api dashboard (which is nothing but multiple API keys). So will Zerodha allow this use-case or not?
Use-case 3:
If anyone has made his custom trading platform for "manual trading", would even that have to be approved as an algo? Or can such use-cases use APIs without static IP and strategy/algo approval?
The static IP leads to many such use-cases which are completely missed in the regulations & it is causing so much uncertainty.
The OAuth wouldn't work from your home PC's IP since it would be different from the one attached to your app, so this wouldn't work. I was wrong. Login from home IP and everything else from server should work too.
Appreciate your valuable input. Let's hope for the best!!!
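The split discussed in this thread (browser login from a home IP, token exchange and all trading calls from the whitelisted server) can be sketched as follows. This is an added example, not code from any poster or from Zerodha; the endpoint URLs, the `X-Kite-Version` header and the SHA-256 checksum follow the Kite Connect v3 login flow as an assumption, since none of them are quoted on this page, and the key, secret and callback path are constructed samples.

```python
import hashlib
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

# Assumed Kite Connect v3 endpoints (not quoted anywhere in this thread).
LOGIN_URL = "https://kite.zerodha.com/connect/login"
TOKEN_URL = "https://api.kite.trade/session/token"


def login_url(api_key):
    """URL the trader opens in a browser on any machine (home PC, phone)."""
    return f"{LOGIN_URL}?{urlencode({'v': 3, 'api_key': api_key})}"


def request_token_from_redirect(redirect_target):
    """Extract request_token from the redirect that lands on the server."""
    params = parse_qs(urlsplit(redirect_target).query)
    if params.get("status") != ["success"]:
        raise ValueError("login was not successful")
    tokens = params.get("request_token", [])
    if len(tokens) != 1 or not tokens[0].isalnum():
        raise ValueError("missing or malformed request_token")
    return tokens[0]


def build_token_exchange(api_key, api_secret, request_token):
    """Build (do not send) the token request made by the static-IP server.

    The api_secret is only ever used here, on the server; the browser on
    the home IP sees just the api_key and the short-lived request_token.
    """
    checksum = hashlib.sha256(
        (api_key + request_token + api_secret).encode()
    ).hexdigest()
    body = urlencode({"api_key": api_key, "request_token": request_token,
                      "checksum": checksum}).encode()
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"X-Kite-Version": "3"})


# Constructed sample values, not real credentials or a real callback path.
API_KEY, API_SECRET = "examplekey", "examplesecret"
SAMPLE_REDIRECT = "/kite/callback?request_token=abc123XYZ&action=login&status=success"

if __name__ == "__main__":
    print("open in local browser:", login_url(API_KEY))
    req = build_token_exchange(API_KEY, API_SECRET,
                               request_token_from_redirect(SAMPLE_REDIRECT))
    print(req.get_method(), req.full_url, req.data.decode())
```

A headless Linux VM only needs a small HTTP handler at the registered redirect URL to receive the `request_token`; no desktop UI or browser is required on the server itself.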