Update Static IPs API | Upstox Developer API

Update Static IPs

API to update the primary and optional secondary static IP addresses for your user account (user-level registration). The same IPs apply across your API usage regardless of which OAuth client issued the token.

Platform rules (aligned with My Apps guide):

Static IPs can only be changed once per calendar week.
After a successful update, the existing access tokens are invalidated and you need to generate a new one.
When enforcement is active, orders may be rejected unless traffic originates from a registered IP.
primary_ip and secondary_ip must use standard IPv4 or IPv6 address notation.

Request

curl --location --request PUT 'https://api.upstox.com/v2/user/ip' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {your_access_token}' \
--data '{
  "primary_ip": "203.0.113.10",
  "secondary_ip": "203.0.113.11"
}'

For additional samples in various languages, please refer to the Sample code section on this page.

Request Body

Name	Required	Type	Description
primary_ip	true	string	Primary static IP (IPv4 or IPv6, standard notation) from which API order traffic must originate once enforcement is active.
secondary_ip	false	string	Optional secondary static IP (IPv4 or IPv6, standard notation) for backup or failover. Omit the field if you do not need a secondary IP.

Responses

Response Body

{
  "status": "success",
  "data": {
    "user_id": "858644",
    "primary_ip": "122.181.101.247",
    "secondary_ip": "128.1.1.2",
    "primary_ip_updated_at": "2026-04-03 17:17:50",
    "secondary_ip_updated_at": "2026-04-03 17:17:50",
    "access_tokens_invalidated": true
  }
}

Name	Type	Description
status	string	Outcome of the request. Typically `success` for successful operations.
data	object	User-level static IP configuration for the authenticated account after the update.
data.user_id	string	Upstox user_id for the authenticated account.
data.primary_ip	string	Registered primary static IP (IPv4 or IPv6, standard notation).
data.secondary_ip	string	Registered secondary static IP, if configured (IPv4 or IPv6, standard notation). May be omitted or `null` if not set.
data.primary_ip_updated_at	string	Timestamp when the primary IP was last updated (server time).
data.secondary_ip_updated_at	string	Timestamp when the secondary IP was last updated, if configured. May be omitted or `null` if never set.
data.access_tokens_invalidated	boolean	When `true`, existing access tokens were invalidated; complete the OAuth flow again for a new token.

Error codes

Error code	Description
UDAPI1179	You are not allowed to update this app. - Returned when the authenticated user or token is not permitted to update static IPs for this account.
UDAPI1180	App is inactive. - The OAuth client (API app) used for this token is inactive; activate it before updating static IPs.
UDAPI1181	Static IP configuration is not available for this application type. - Static IP registration is not enabled for this client or account type.
UDAPI1182	Primary IP is required. - The request body must include `primary_ip`.
UDAPI1183	Invalid IP. - The supplied value is not valid IPv4 or IPv6 address notation.
UDAPI1184	Primary and secondary IP must be different. - `primary_ip` and `secondary_ip` must not be the same.
UDAPI1185	Static IP can only be updated once per week. - Wait until the weekly cooldown ends before changing static IPs again.
UDAPI1186	Static IP was updated by another request. Please retry. - A concurrent update completed; submit your request again.

Invalid or expired access tokens and other gateway-level failures follow the standard API error format. Check the errors array for message, error_code, and related fields.

Sample Code

Update static IPs for the authenticated user

Python
Node.js
Java
PHP

import requests

url = 'https://api.upstox.com/v2/user/ip'
headers = {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {your_access_token}'
}

data = {
    'primary_ip': '203.0.113.10',
    'secondary_ip': '203.0.113.11'
}

response = requests.put(url, headers=headers, json=data)
print(response.text)

const axios = require('axios');

const url = 'https://api.upstox.com/v2/user/ip';
const headers = {
  'Accept': 'application/json',
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {your_access_token}'
};

const data = {
  primary_ip: '203.0.113.10',
  secondary_ip: '203.0.113.11'
};

axios.put(url, data, { headers })
  .then(response => console.log(response.data))
  .catch(error => console.error(error.response?.data || error));

import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

public class Main {

    public static void main(String[] args) {
        try {
            URL url = new URL("https://api.upstox.com/v2/user/ip");
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();

            connection.setRequestMethod("PUT");
            connection.setRequestProperty("Accept", "application/json");
            connection.setRequestProperty("Content-Type", "application/json");
            connection.setRequestProperty("Authorization", "Bearer {your_access_token}");

            connection.setDoOutput(true);

            String json = "{\"primary_ip\": \"203.0.113.10\", \"secondary_ip\": \"203.0.113.11\"}";

            try (OutputStream os = connection.getOutputStream()) {
                byte[] input = json.getBytes(StandardCharsets.UTF_8);
                os.write(input, 0, input.length);
            }

            int code = connection.getResponseCode();
            System.out.println("Response Code: " + code);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

<?php

$url = 'https://api.upstox.com/v2/user/ip';
$headers = array(
    'Content-Type: application/json',
    'Accept: application/json',
    'Authorization: Bearer {your_access_token}'
);

$data = json_encode(array(
    'primary_ip' => '203.0.113.10',
    'secondary_ip' => '203.0.113.11'
));

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

curl_close($ch);

echo "Response Code: " . $httpCode . PHP_EOL;
echo "Response: " . $response . PHP_EOL;
?>