Two things are bundled here, and they land on different sides of the rule. The shared central IP isn't the core problem by itself — Zerodha has said the mode of obtaining a static IP (ISP/VPS/etc.) isn't specified. But IP sharing is only sanctioned within a family (spouse / dependent children / dependent parents). One IP across many unrelated users is exactly the pattern their surveillance flags, and they've said they'll suspend API access where unrelated accounts share an IP. The bigger issue is the service-provider line. Matti (Zerodha) put it plainly: "service providers who send trades on behalf of customers are the targets of this regulation… if you want to send trades on behalf of others, you'll need to get yourself and your strategies approved as vendors and research analysts." A platform that places orders for multiple end users — even when each logs in with their own account — reads as exactly that: the regulated third-party-provider bucket, not the personal-use exemption. So as I read it: each user running their own deployment on their own IP/account, with you only supplying the software, is the clean coder-for-hire side. One central platform placing everyone's orders through one IP is the side that needs vendor/RA registration. Not legal advice — which is why they pointed you to their compliance team — but that service-provider sentence is the line I'd anchor on. A reference build of the compliant personal-use side (static IP, human-in-the-loop, user's own account) is here if useful: github.com/Finance-broski/kite-execution-pipeline
The shared central IP isn't the core problem by itself — Zerodha has said the mode of obtaining a static IP (ISP/VPS/etc.) isn't specified. But IP sharing is only sanctioned within a family (spouse / dependent children / dependent parents). One IP across many unrelated users is exactly the pattern their surveillance flags, and they've said they'll suspend API access where unrelated accounts share an IP.
The bigger issue is the service-provider line. Matti (Zerodha) put it plainly: "service providers who send trades on behalf of customers are the targets of this regulation… if you want to send trades on behalf of others, you'll need to get yourself and your strategies approved as vendors and research analysts." A platform that places orders for multiple end users — even when each logs in with their own account — reads as exactly that: the regulated third-party-provider bucket, not the personal-use exemption.
So as I read it: each user running their own deployment on their own IP/account, with you only supplying the software, is the clean coder-for-hire side. One central platform placing everyone's orders through one IP is the side that needs vendor/RA registration. Not legal advice — which is why they pointed you to their compliance team — but that service-provider sentence is the line I'd anchor on. A reference build of the compliant personal-use side (static IP, human-in-the-loop, user's own account) is here if useful: github.com/Finance-broski/kite-execution-pipeline