You can go through login flow FAQs here.

As mentioned in the documentation, we strongly recommend not to embed api_secret inside the client side application. It may become a huge security compromise. The token exchange has to happen on the …

You need to use request_token to generate access_token, not refresh_token go through the login flow here.

No, to generate a request token you need to login manually to this end-point: https://kite.zerodha.com/connect/login?v=3&api_key=your_api_key

Go through login flow FAQs here.

Go through login flow FAQs here.

There is no option in zerodha kite developer page to login through 2fa, i demanded only ID and PW, is it normal,

By Oct-3, If TOTP is not set, and I am still using old method of entering PIN:

as we don't want manual authenticate process each time when we need to generate login token and to trade.

I hope this mandatory check of TOTP for each order doesn't add delay to order placement.

You can refer to the login flow here.

Which API end-point is throwing this?

I confirmed multiple times that I can login to another account and kite does not validate the api_secret.

curl_setopt($ch, CURLOPT_URL,"https://kite.zerodha.com/api/login");

Is this for public use or for personal?

Are you following the steps mentioned here for access token generation?

#login

You can go through login flow documentation here.

It is mandatory by the exchange that a trader has to log in manually at least once a day. We don't recommend automating the login process.

You are getting the request token in the URL query param. You need to capture that. You can know more about the login flow here.