Daily API Calls

Seamless Onboarding Journey

Robustly secured with AES 256 Encryption

Failproof 2 Factor Authentication

About testing

The UAS is specially designed for clients or partners to integrate the authentication mechanism for the clients.

About this API Kit

5paisa customers who hold a demat account with 5paisa and have generated API keys for themselves can use the API. It allows the user to obtain request token to be used further to fetch access token.

TOTP Login

The OAuth mechanism is built for customer login flow on partner’s platform built on 5paisa Open APIs. It redirects the customer to 5paisa Web Login page through partner’s platform (web or app) and let customer login through 5paisa demat account credentials. 

OAuth Login (Web Based)

The API serves all the partners of IIFL Securities by providing a separate session management for partners. This login is helpful when there is a need for reconciliation of transactions done by clients through partner’s channels. The login requires email id and contact number provided by the client while generating their API credentials. The head of this API request requires userID and password to be passed in the encrypted format.

Access Token

Path 76940.svg

How to integrate User Authentication System to your product.

Build Guide

For clients or partners to integrate 
the user authentication mechanism.

Integration Support

Ratings

Avg. Response Time

by IIFL Securities

Success Rate

User Authentication System

Mask Group 14441.png

Check API Integration Flow

How to use fetch Access Token

Knowledge base

5paisa customers who hold a demat account with 5paisa and have generated API keys for themselves can use the API. It allows the user to obtain request token to be used further to fetch access token.The API generates the Request token for the user which is required for authentication of all other APIs. The API requires the user’s account API Key, client code/emailId/MobileNo, TOTP and MPIN.&nbsp;Please note this API is not available for Partners and is only available to Individual Users. Hence only individual User's key will be supported.

REQUEST URL

Headers

Request body

Response body

The request token &nbsp;generated after successful login request remains valid for 60 min from the time of its generation. However the access token generated from above request token is valid for a day. Please refer next documentation to obtain access token.

Validity of Session Token

Failure due reuse of TOTP

Failure due to incorrect or expired TOTP

Failure due to invalid client code 

Group 27382@3x.png

Help make these Dev Docs great, contribute to the
APIs and get rewarded for your contribution

Contribute and get rewarded

Success 

The OAuth mechanism is built for customer login flow on partner’s platform built on 5paisa Open APIs. It redirects the customer to 5paisa Web Login page through partner’s platform (web or app) and let customer login through 5paisa demat account credentials. Post successful login, customer is redirected back to the callback URL provided by the partner.

Partner has to redirect customer to the URL mentioned above and along with it pass parameters listed below through POST method.This login has been updated as per the SEBI regulations of 2-factor authentication. It is based on client code, PIN and a real-time OTP/TOTP.

NOTE

Parameters

&nbsp;After successful login, user will be redirected to the callback URL provided by the partner/user and partner/user will receive following parameters as URL Params.&nbsp;

&nbsp;The Request Token returned on successful login is valid for 60 min only. This token is to be used to call fetch Access token which can be used for sending request through all other Open APIs.Please refer below documentation to know how to fetch access token.

Fetch Access Token

The request token &nbsp;generated after successful login request remains valid for 60 min from the time of its generation. However the access token generated from above request token is valid for a day. Please refer next documentation to obtain access token.

Validity of Request Token

Login check API docs is the
next thing to checkout

How to use this API that 
suits your work flow best

The API is designed to generate access token for a client with help of Request Token obtained from either TOTP or OAUTH Login.&nbsp;To generate the access token, partner/client needs to provide AppKey in the head of the payload whereas UserID and encryptionKey needs to be passed in body. The successful API call will provide the partner a Access token which is valid throughout a day. This access token can be used to call all further API's.

The EncrypKey and UserId correspond to the partner when the client logs in through a partner and to the client when the client logs in independently.Client keys can be find <a href="https://xstream.5paisa.com/dashboard" target="_blank" rel="noopener noreferrer">here</a> &nbsp;After successful login Partner will receive client code in response.

Access Token - FAQ

The access token &nbsp;generated after successful login request remains valid thought a day from the time of its generation. Token expires every day at 11:59 PM.

Validity of Access Token

AllowBseCash,AllowBseDeriv,AllowBseMF,AllowMCXComm,AllowMcxSx,AllowNSECurrency,AllowNSEL,AllowNseCash,AllowNseComm,AllowNseDeriv,AllowNseMF,CommodityEnabled

Segment Activation Flags

Failure due to wrong Expired API credentials or request code in the head

Failure due to invalid resquest token

thumbnail_Mask Group 14361.png

Mask Group 14361.png

Group 25237-8.svg

Python

Group 25237-6.svg

Node JS

Group 25237-5.svg

Java

Group 25237-7.png

C Sharp

Group 25237-2.svg

Group 25237-4.png

Rust

Group 25237-3.svg

Go Lang

Group 25237-1.png

.NET

Group 25237.png

Json

Mask Group 14426-1@2x.png

Ruuby

Group 25237.svg

Group 25237 (1).svg

Group 25237 (2).svg

Group 25237(1).png

Group 25237 (3).svg

GO Lang

Group 25237 (4).svg

Group 25237(2).png

.Net

Group 25237(3).png

thumbnail_Mask Group 14441.png

ResponseURL

thumbnail_Group 27382@3x.png

Parameters	Discription
ResponseURL	The callback URL where partner wants to redirect customer after successful login through OAuth.
VendorKey	The API key of the partner provided by 5pasia along with other API credentials. Partner can use the key provided to them or User can use his own User Key.
State	This is the redirection params , which is passed to the response URL on successful login.

PARAMETERS	DESCRIPTION
State Params	State Variables to be send on response URL as URI params.
RequestToken	Request Token which can be used to obtain access token. Valid for 60 min.

OAuth Login (Web Based)

NOTE

Parameters

ResponseURL

The callback URL where partner wants to redirect customer after
successful login through OAuth.

VendorKey

The API key of the partner provided by 5pasia along with other API credentials. Partner can use the key provided to them or User can use his own User Key.

State

This is the redirection params , which is passed to the response URL on successful login.

State Params

State Variables to be send on response URL as URI params.

RequestToken

Request Token which can be used to obtain access token. Valid for 60 min.

Fetch Access Token

Validity of Request Token

Knowledge base

Need Help

Changelog

OAuth Login (Web Based)

NOTE

Parameters

ResponseURL

The callback URL where partner wants to redirect customer after successful login through OAuth.

VendorKey

The API key of the partner provided by 5pasia along with other API credentials. Partner can use the key provided to them or User can use his own User Key.

State

This is the redirection params , which is passed to the response URL on successful login.

State Params

State Variables to be send on response URL as URI params.

RequestToken

Request Token which can be used to obtain access token. Valid for 60 min.

Fetch Access Token

Validity of Request Token

Knowledge base

Need Help

Changelog

The callback URL where partner wants to redirect customer after
successful login through OAuth.