Authentication

Authentication for retail clients

| method | endpoint | use case | Rate Limit |
|---|---|---|---|
| POST | /user/login | Create session | 1/sec |

Login Header

x-api-key: <Your x-api Key>

Login Object

{
    "client_code": "DEMOUSER", 
    "password": "DEMOPASS",
    "totp": "412312",
    "application_id": "dev_1234"
}

Login Response

Click Here

Authentication for partner apps

sequenceDiagram
    participant Developer App
    participant User
    participant Flow Web
    participant Api Server
    Note over Developer App : login Url is https://flow.rupeezy.in?applicationId=
    Developer App->>+User: Generate login URL and give to user.

    User->>+Flow Web: Browse to the login url created by the developer app
    Note over Flow Web: User authentication process
    Flow Web->>+Developer App: Redirect to callback URL with 'auth' parameter
    Developer App->>+Api Server: Call Create session api with auth parameter and x-api-key
    Api Server->>+Developer App: Server returns with Access Tokens

| method | endpoint | use case | Rate Limit |
|---|---|---|---|
| BROWSER URL | https://flow.rupeezy.in?applicationId=<YOUR application_id> | Begin authentication flow | NA |
| POST | /user/session | Create session | 1/sec |

STEP 1: Navigate to https://flow.rupeezy.in?applicationId=<YOUR application_id>

This step opens a login screen for your user. Only the user whitelisted when the application was created will be able to log in; all others will be shown an error. Once the user has verified their identity, they will be asked to give consent to the application. Upon receiving consent, the user will be redirected to the callback URL registered with the application.

STEP 2: The callback URL will have an auth query parameter appended. Grab the auth parameter for the next step.

STEP 3: Call the create session API to get an access token.

Create Session Object

{
    "checksum": "<checksum>",
    "applicationId": "<YOUR application_id>",
    "token": "<auth token>"
}

| key | description |
|---|---|
| checksum | SHA-256 hash of string "application_id"+"auth_token"+"x-api-key" |
| applicationId | Contains application_id |
| token | Contains auth param received in STEP 2 |
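
Steps 2 and 3 as an added Python example (not Rupeezy's own code): it takes the auth value from the redirect, refuses redirects that do not match the registered callback or that carry an ambiguous auth parameter, and builds the create-session headers and body. The hex digest encoding, the Content-Type header, the function names and the example.test callback are assumptions; all sample values are constructed.

```python
import hashlib
import json
from urllib.parse import urlsplit, parse_qs


def extract_auth(callback_url: str, registered_callback: str) -> str:
    """Return the single 'auth' value from the redirect, or raise ValueError."""
    got, want = urlsplit(callback_url), urlsplit(registered_callback)
    # Only accept redirects that land on the callback registered for the app.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect does not match the registered callback URL")
    values = parse_qs(got.query).get("auth", [])
    # A missing, empty or repeated 'auth' parameter is ambiguous; refuse it.
    if len(values) != 1:
        raise ValueError("expected exactly one non-empty 'auth' parameter")
    return values[0]


def build_session_request(application_id: str, auth_token: str, api_key: str):
    """Build (headers, json_body) for POST /user/session."""
    # Order from the key table: application_id + auth_token + x-api-key.
    material = (application_id + auth_token + api_key).encode("utf-8")
    # Assumption: lowercase hex digest; the page does not name the encoding.
    checksum = hashlib.sha256(material).hexdigest()
    # The x-api-key travels only in the header, never in the JSON body.
    headers = {"x-api-key": api_key, "Content-Type": "application/json"}
    body = {
        "checksum": checksum,
        "applicationId": application_id,
        "token": auth_token,
    }
    return headers, json.dumps(body)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    registered = "https://app.example.test/callback"
    redirect = registered + "?auth=constructed-auth-123"
    auth = extract_auth(redirect, registered)
    headers, body = build_session_request("dev_1234", auth, "constructed-api-key")
    # Print the body only; the headers hold the API key and should not be logged.
    print(body)
```
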

Create Session Response

{
    "status": "success",
    "data": {
        "access_token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAi.......",
        "user_name": "JOHN DOE",
        "login_time": "2023-Mar-29 13:10:50",
        "email": "JOHN.DOE@GMAIL.COM",
        "mobile": "9999999999",
        "exchanges": [
            "NSE_EQ",
            "NSE_FO",
            "MCX_FO",
            "NSE_CUR"
        ],
        "product_types": [
            "INTRADAY",
            "DELIVERY",
            "MTF"
        ],
        "others": {
            "userCode": "NXAAE",
            "POA": 2
        },
        "user_id": "XX9999",
        "tradingActive": true
    }
}

The access_token received in the above response should be sent in the Authorization header for all subsequent API calls. The format is:

Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAi.......