Skip to main content

Get Token

API to acquire an access token via an authorization_code exchange and concurrently includes the user's profile in the response.

The access_token obtained through this API has a specific validity period that lasts until 3:30 AM the following day, regardless of the time it was generated. For instance, if you generate a token at 8 PM on Tuesday, it will expire at 3:30 AM on Wednesday. This also means that a token created at 2:30 AM on Wednesday will still expire at 3:30 AM on the same Wednesday. Therefore, users are advised to plan their activities accordingly, ensuring they accommodate the token's expiration schedule in their usage. The code sent as part of this request is valid for a single use, regardless of whether the access token generation succeeds or encounters an issue.

Request

curl -X 'POST' 'https://api.upstox.com/v2/login/authorization/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'code={your_code}&client_id={your_client_id}&client_secret={your_client_secret}&redirect_uri={your_redirect_url}&grant_type=authorization_code'

For additional samples in various languages, please refer to the Sample code section on this page.

Request Body

NameRequiredTypeDescription
codetruestringThe code is a unique parameter included in the URL upon a successful Authorize API authentication.
client_idtruestringThe API key obtained during the app generation process.
client_secrettruestringThe API secret obtained during the app generation process. This private key remains confidential, known only to the application and the authorization server.
redirect_uritruestringThe URL provided during app generation.
grant_typetruestringThis value must always be authorization_code.
Responses

Response Body

{
  "email": "******",
  "exchanges": ["NSE", "NFO", "BSE", "CDS", "BFO", "BCD"],
  "products": ["D", "CO", "I"],
  "broker": "UPSTOX",
  "user_id": "******",
  "user_name": "******",
  "order_types": ["MARKET", "LIMIT", "SL", "SL-M"],
  "user_type": "individual",
  "poa": false,
  "is_active": true,
  "access_token": "******************"
  "extended_token": "******************"
}
NameTypeDescription
emailstringE-mail address of the user
exchangesstring[]List of exchanges enabled for the user. Valid exchanges can be found in the Exchange Appendix
productsstring[]Lists the types of products enabled for the user.
Possible values: I, D, CO, MTF
brokerstringThe broker ID
user_idstringUniquely identifies the user (commonly referred as UCC)
user_namestringName of the user
order_typesstring[]Order types enabled for the user.
Possible values: MARKET, LIMIT, SL, SL-M
user_typestringIdentifies the user's registered role with the broker. This will be individual for all retail users
poabooleanIndicates whether the user has authorized power of attorney for transactions.
is_activebooleanIndicates if the account status is active.
access_tokenstringThe authentication token to be used with every subsequent API request.
extended_tokenstringThis token is designed for prolonged usage, primarily for read-only access to various API endpoints. For more detailed information on the extended token, including its benefits and how to opt for it, please refer to the Extended Token Documentation.

Sample Code

Get access token using auth code

import requests

url = 'https://api.upstox.com/v2/login/authorization/token'
headers = {
    'accept': 'application/json',
    'Content-Type': 'application/x-www-form-urlencoded',
}

data = {
    'code': '{your_code}',
    'client_id': '{your_client_id}',
    'client_secret': '{your_client_secret}',
    'redirect_uri': '{your_redirect_url}',
    'grant_type': 'authorization_code',
}

response = requests.post(url, headers=headers, data=data)

print(response.status_code)
print(response.json())
Loading...