-
Notifications
You must be signed in to change notification settings - Fork 3
Log into Upstox
Upstox's login process is a two-step process (OAuth) where:
- You need access to a browser to log into Upstox and authorize your app.
- You then need to generate an Access Token, which is used to authenticate every API request you make to Upstox.
To complete step #2 you'll need an application that is capable of receiving web requests. So, we will start with the set-up for step #2, so that when we begin with login, we would have everything in place.
You can try out the login flow without having to run the application, through CURL. Jump to the last section on this page.
To make your life easier, there is a demo project available that you can download and run. It is available here.
We are going to assume the API Key to be
ABC12345XYZand API Secret as123ABCfor this tutorial.
If you are using the riko-starter demo project, then you have everything in place. For those who don't have, follow on:
Create a web application (outside the scope of this tutorial) and add an endpoint to your web application that accepts GET requests with a parameter named code.
The example below shows how it is done in a SpringMVC based web application
@RequestMapping(value = "/callback", method = GET)
public ModelAndView callback(@RequestParam(required = false) String code)
throws Exception {
log.info("Received code from Upstox - {}", code);
...
}Thus we have an endpoint /callback that accepts GET requests and a parameter code. So, if you are running your application locally on your system, on port 8080 then we have the endpoint as http://localhost:8080/callback. We are going to call this URI as Redirect URI.
Log onto the Upstox's developer portal and edit your app. You'll see the field to enter the Redirect URI. Enter http://localhost:8080/callback against that field and save/update.
IMPORTANT: Every time, you change the Redirect URI, you'll have to update it on the developer portal too!
Before you start, ensure that your application is running and ready to accept requests on http://localhost:8080/callback. Also, keep your API Key and API Secret handy.
Open your browser and put in the following URL (update the URL below with your API Key and the correct Redirect URI):
https://api.upstox.com/index/dialog/authorize?apiKey=ABC12345XYZ&redirect_uri=http://localhost:8080/callback&response_type=code
You'll be first authenticated (by providing your username, password & passcode) and then you'll authorize your application (by clicking the authorize button).
Step #1 complete!
Once you have authorized your application, behind the scene, Upstox will make a request to your web application on the provided Redirect URI and provide a code.
We need to use this code along with API Key and API Secret and finally receive the Authentication Token.
@RequestMapping(value = "/callback", method = GET)
public ModelAndView callback(@RequestParam(required = false) String code)
throws Exception {
log.info("Received code from Upstox - {}", code);
// Prepare the request with the 'code' you just received
final TokenRequest tokenRequest = new TokenRequest(code, GRANT_TYPE, REDIRECT_URI);
try {
// Make the request to retrieve the access token
final AccessToken accessToken = loginService.getAccessToken(tokenRequest).get();
// Save the 'accessToken' into a database
...
} catch (ExecutionException | InterruptedException e) {
log.fatal("Error obtaining access token", e);
throw e;
}
...
}Step #2 complete!
- Setup a call back URL. Also called Redirect URI as mentioned in the steps above. In example below I am going to use
http://localhost:8080/callbackas the Redirect URI. Ensure you have configured the same on your Upstox application preferences/settings on the developer portal. - Ask for the
code. Using a browser visit:
https://api.upstox.com/index/dialog/authorize?apiKey=ABC12345XYZ&redirect_uri=http://localhost:8080/callback&response_type=codeYou would receive a code. For our example we will assume the code to be 123456789.
3. Retrieve the authentication token by making the following request:
curl -u ABC12345XYZ:123ABC \
-H 'Content-Type: application/json' \
-H 'x-api-key: ABC12345XYZ' \
-d '{"code" : "123456789", "grant_type" : "authorization_code", "redirect_uri" : "http://localhost:8080/callback"}' \
-X POST 'https://api.upstox.com/index/oauth/token'