Skip to main content

Get Token

API to acquire an access token via an authorization_code exchange and concurrently includes the user's profile in the response.


The access_token obtained through this API has a specific validity period that lasts until 3:30 AM the following day, regardless of the time it was generated. For instance, if you generate a token at 8 PM on Tuesday, it will expire at 3:30 AM on Wednesday. This also means that a token created at 2:30 AM on Wednesday will still expire at 3:30 AM on the same Wednesday. Therefore, users are advised to plan their activities accordingly, ensuring they accommodate the token's expiration schedule in their usage.

Header Parameters

Content-TypetruestringIndicates the media type of the resource, set as application/x-www-form-urlencoded.
AccepttruestringDefines the content format the client expects, which should be set to application/json.

Request Body

codetruestringThe code is a unique parameter included in the URL upon a successful Authorize API authentication.
client_idtruestringThe API key obtained during the app generation process.
client_secrettruestringThe API secret obtained during the app generation process. This private key remains confidential, known only to the application and the authorization server.
redirect_uritruestringThe URL provided during app generation.
grant_typetruestringThis value must always be authorization_code.

The code sent as part of this request is valid for a single use, regardless of whether the access token generation succeeds or encounters an issue.


Response Body

"email": "******",
"exchanges": ["NSE", "NFO", "BSE", "CDS", "BFO", "BCD"],
"products": ["D", "CO", "I"],
"broker": "UPSTOX",
"user_id": "******",
"user_name": "******",
"order_types": ["MARKET", "LIMIT", "SL", "SL-M"],
"user_type": "individual",
"poa": false,
"is_active": true,
"access_token": "******************"
"extended_token": "******************"
emailstringE-mail address of the user
exchangesstring[]List of exchanges enabled for the user. Valid exchanges can be found in the Exchange Appendix
productsstring[]Lists the types of products enabled for the user.
Possible values: I, D, CO, MTF
brokerstringThe broker ID
user_idstringUniquely identifies the user (commonly referred as UCC)
user_namestringName of the user
order_typesstring[]Order types enabled for the user.
Possible values: MARKET, LIMIT, SL, SL-M
user_typestringIdentifies the user's registered role with the broker. This will be individual for all retail users
poabooleanIndicates whether the user has authorized power of attorney for transactions.
is_activebooleanIndicates if the account status is active.
access_tokenstringThe authentication token to be used with every subsequent API request.
extended_tokenstringThis token is designed for prolonged usage, primarily for read-only access to various API endpoints. For more detailed information on the extended token, including its benefits and how to opt for it, please refer to the Extended Token Documentation.

If a user attempting to log in has no active segments, the error No segments for these users are active. Manual reactivation is recommended from Upstox app/web. will occur, preventing the Token API from generating the access_token. To resolve this, users must manually reactivate their segment through the Upstox web or mobile application before attempting to log in again.


A comprehensive set of examples is provided to illustrate various use cases and implementation scenarios for this API. To view detailed examples and access sample code, please refer to: API Examples.