Я его выгнал. На лице Сьюзан на мгновение мелькнуло недоумение. Она побледнела и прошептала: – О Боже… Стратмор утвердительно кивнул, зная, что она догадалась.

Zerodha kite google authenticator – zerodha kite google authenticator

Important thing is when you talk to Zerodha support they says it’s SEBI requirement however I don’t see any other broker requires it. This will impact heavily for people who are managing corporate accounts where multiple people can login to single account, and people who are managing family members accounts on their behalf, as login would require real time otp which is not possible in these cases.

Matti Kindly think if rollback is possible if none of the other brokers has mandated or think of the way if token generation possible without totp Margin rules, freak trades ,now this totp – traders life is becoming tougher and tougher. It’s not required for every order. You can use the same request token to generate access token, use it for all further requests like earlier.

Nothing changes, while making API calls. So, soon or later it will be coming on all trading platforms irrespective. This is pathetic. Why hurry to implement a regressive circular by SEBI when others are not doing it? Using selenium web driver earlier it was possible to fully automate login. Now its not possible. Why make life miserable for retailers while giving all the exceptions to platforms like sensibull???

Matti Is this applicable for normal Kite website users as well? You said these enforcement may come from SEBI but Its also mean that it may not come from SEBI OR SEBI allows Pin based 2FA which will not require any changes in current system 1 API users have created automated system only because they don’t want to do any manual task and run their system place order and do trading even when they are on their vacation or doing something important.

We may be at any remote location where there is no internet but by making our system completely automated and putting it on cloud machine we are ensuring that it is working independently of human intervention 2 It is not possible to run our system on All Trading days by manually enter TOTP and this will lead to data loss.

Every Algo uses historical data and since you already stop the support for Pi and you are charging another rs for historical data API , running our automated system on all trading days in order to collect data is our only way around here.

Don’t you think as loyal customer of zerodha we deserve better. People using your API, will have problems with this new mandatory action by zerodha. Please give this a second thought. Automated logins are a different thing. Ravis September Normal order placement is taking around secs. Did your team implement this functionality and could this be the reason behind performance issues? This is impacting my trade in a big way. Please look into this. Please note that Kiteweb works fine.

PIN should be ok. We may be at any remote location where there is no internet but by making our system completely automated and putting it on cloud machine we are ensuring that it is working independently of human intervention As whity just said, this was never allowed to begin with. If you were doing it, you were in violation of the terms of use of the APIs.

Kite Connect is a suite of order execution APIs, not a data vending product. We can’t really look at means to facilitate some users accessing accounts for other users.

No, this hasn’t gone live yet, nor will it be live until October. Nothing has changed on our end. Matti In my opinion , people use API to create algorithm and for algorithm to run correctly , It needs data please suggest me if you have any other way where any algorithm can take decision of buying and selling without data.

If API provided by you guys should only use for order execution then why shouldn’t we use kite website or mobile app to place order. Why would anyone use API only to place orders. We recommend you to generate candles at your end using Websocket API data.

Because we have been asked questions by regulators about what we are doing to secure our users’ accounts and to take additional steps when it comes to the APIs. No one else has been asked by SEBI? Are you securing API users from themselves?

Please help me understand the risk. In my opinion , people use API to create algorithm and for algorithm to run correctly , It needs data please suggest me if you have any other way where any algorithm can take decision of buying and selling without data This is why we do provide data as an add on.

The only reason I even brought up the fact that Kite Connect isn’t a data vending product is because you talked about data collection. Changes can’t be based on that. Matti And for data as add on you charge another Just give me one reason why shouldn’t we store tick data in our personal database. Are we not supposed to be smart enough? While we understand the inconvenience, this is decision is based on updated risk and cyber security assessments.

As we have already mentioned above, 2FA is mandated by SEBI for all platforms that most platforms don’t offer it is a different matter. This very likely will happen industrywide soon too.

Can you please respond to this? Let SEBI say the same. Let SEBI elaborate the definition in more correct way. Why you guys are in so much hurry. And for data as add on you charge another I am not saying any of that. I simply said policy decisions cannot be based on these considerations. This is a security policy and has nothing to do with data. Unfortunately, the token flush times are timed to follow a large number of end of the day processes and cannot be moved.

While i am a loyal user of zerodha API because of its stability, now some of the below mentioned reasons dragging me away for alternatives: 1. No OTM options buy 2. Charging per month, even when i m generating lakhs of brokerage for them. Additional overhead in token generation because of TOTP.

I understand that sooner or later it will be made mandatory, but let that time come, it could be 1 or 2 years, atleast our life will be easy till then. Why necessary trouble us when our returns are already impacted heavily because of margin rules.

Can you please respond on that and provide us the reason behind this urgent need. Matti Please make it optional. Whoever wants additional security can opt for that. The change is that we’re mandating it now, and perhaps soon for all other platforms as well. If time permits I will write a post on how to do it, but as all of us are devs here, just check below pointers.

QR holds a key you can copy that by clicking link below it. Use that key and system time to generate TOTP. Just supply the key you got from step 2. So its not so difficult to automate login. Thanks amit0. I am talking about before 1st October. May be helpful for python developers It only changes whenever you change your 2FA app or re-register.

I did see your comment that a lot of things happen before you can flush it I’m assuming including calculating funds in the account. However, I assume the token is only accessible by the user and not by Zerodha – so flushing really shouldn’t have an impact on your systems.

Maybe internally you can hash the previous token and continue your processes, but flush the user token so we can generate a new one earlier? In short I’m proposing a new internal token you use for whatever processes you have which require it I don’t know why it should be used – but whatever the reasons it solves your purpose and the user token can be flushed.

Can you please share the steps in kite connect for this. What is the secret key here? What need to passed under KiteInstance.

AccessToken; KiteInstance. Matti Its strange to see that these rules don’t apply to kite mobile app? Care to explain the rationale? I understand that order placement will be rejected b. But please confirm that other read-only api’s like ltp, quote will still work. Just a question out of curiosity. The use of TOTP to safeguard against suspicious trades was a helpful feature. With this change there is no protection against such trades.

Developers will always find a way around it one way already discussed here. Trying to stop them from fully automating stuff is everyone’s waste of time and resources. Otherwise It will be difficult to find the right code for this. I understand that order placement will be rejected Yes, all order placement-related calls will be throwing Yes, this will work as before. Yes, we will update the login flow documentation , before going live i.

I would like to see the documentation updated for. Net API client. Zerodha should first update the documentation then announcement should be made. Please postpone the date. Provide some time to user to update the code. Functionally, the APIs remain unchanged. Thanks Matti. Sorry for the confusion. I am able to login without any code changes after enabled TOTP option in kite web. Guhan September I am using it and it is working perfectly well using selenium. Trust me it’s as seamless as without, with the added peace of having another layer of security.

I have the Authy app on 2 devices for token generation, just in case. Congrats to Zerodha team for implementing this well. JeetKumar October Hi, Consider this please. I am an “almost blind” person, and I got my API system developed because I was having major problems using kite apps and website to place order. Its an issue with every broker in India. The apps and websites are difficult to use by blind or almost blind people.

Everything was ok with API, I could trade using my own “simpler” platform, built specifically for me. Everything works with my screen reader on my simpler platform, no problems. Now you are implementing this 2FA system, which requires me to use a third party app on smart phones to get a code daily, and use that code to login within 30 seconds.

Is that right? It will take me over a minute to even open the app, let alone read the code using accessibility technology of the phone By that time, the login flow has expired, am I right? So I need to find someone everyday who can help me login to zerodha, “daily” Why is India so inconsiderate and insensitive towards blind people? SEBI has no idea that even blind people are trading?

I am sincerely asking and requesting, please keep this optional. Please do not make it manditory. Anyone who requires higher security, they can opt for the system, or else, let the user be responsible for their API and account security. You can update your terms of use and make us accept the terms, and let the user be responsible for the security. No need for you to take the responsibility and implement password layer over layer over layer over layer in the name of security.

I will happily take the responsibility of securing my API and account, no problem. Can you please give me a direct line of communication with SEBI?

I will take up this issue with them as well. If I give you a written complaint as zerodha user, can you forward it to SEBI, asking them to consider? It will have more impact on SEBI if the request goes through you, instead of me as individual Its really sad to see how insensitive decision makers are in India, specially when it comes to accessibility ZERO idea of our problems. Totally zero. Again, sincerely asking, please please reconsider this decision.

It will make things a lot lot difficult for people like me. Please reconsider this. Honest, it will make so much problem for people like me You have no idea Can someone be kind enough to give me details on how to setup this “google authenticator” app on my android phone, and then how to connect it to zerodha Matti October Hi JeetKumar We understand the situation and can sympathise with your plight.

However, we can’t make an exception to complying with SEBI rules. Matti That’s the whole point. If SEBI is the dictator, then as service providers you must make them aware of situations of your customers, people like me. I am sure that I am not the only blind person in your client list. There must be many more. But you are giving me a straight “NO” as answer But also give disabled people an alternative.

Where is that alternative? The time-based passwords are available offline and provide user-friendly, increased account security when used as a second factor. TOTP codes are generally only valid for 30 seconds. Well, according to their forum , they have been questioned by the regulators several times on what steps they are taking to secure user funds, and accounts and TOTPs are the way forward.

SEBI already recommended this in December , but it is unclear why they waited until now to make it mandatory. It is also quite baffling that no other broker has made it mandatory.

All in all, I think each and everyone in the industry should welcome this move; after all, it is just more security to our accounts. We will use this open-source library pyotp , long live Open Source Contributors.

If you try this 30 seconds later, the TOTP will automatically change; give it a try. Zerodha 2FA registration will give you this secret key which you can provide to the function and use the.

Move on to the next section. Now, before you move on to scanning the QR code generated, click on Can’t scan? Copy the key. This is the key we give to the pyotp module. This will generate a key like below. Please do not try and copy my key; I will have changed it by then :. Now, go ahead and scan this QR code using the Google Authenticator App, and once then, let’s try and put this key into the code we wrote above. It Matches.

Unfortunately, Google Authenticator doesn’t allow you to take screenshots of its app, so I had to take pictures from another phone. So, we now have a solution; we just need to integrate it in our regular Selenium Workflow, which I guess everyone uses to get requestToken.

Before all of this, please ensure you have all the required libraries to run the code; otherwise, it will not work correctly for you. You can use selenium as well if you prefer. Please note, the assumption is that you already have a Zerodha login script that you want to amend; if you are unsure how I constructed the above code, you will be better off looking at my Youtube Channel with a detailed video soon.

Please check the above code where I have mentioned the adjustment starting line and ending. The function should accept the TOTP Key as a parameter we got from Zerodha, and it will return a KiteObj, which you can use to place orders, fetch holdings, and all the regular stuff.

That’s pretty much it, guys!

Mandatory TOTP for all Kite Connect apps – Kite Connect developer forum – About this app

 
Jun 17,  · Go to the kite app. Click on “Profile”, then click the “Manage” button. Click “Enable 2Factor TOTP”. Kindly verify your Email by entering the OTP. A QR code with a key to copy will appear on the screen. You can go to your Google Authenticator and scan the QR code or paste the key there. A six-digit TOTP will appear on the google. Feb 22,  · To get started, simply log on to replace.me Authenticator TOTP login. For added security, Kite now supports mobile authenticator (Google Authenticator, Microsoft Authenticator etc.) based 2Factor TOTP logins. You can set this up by logging into Kite and going to My Profile -> Password & Security. Once this is set up, you will be asked to. If access to the authenticator app is lost, follow these steps: Click on Forgot user ID or password? Enter User ID, PAN and select E-mail¹ or SMS. Enter the Captcha and click on Reset. Enter the OTP received and Continue. Enter and repeat the new password, PIN and click on Save. The OTP may not be received if the mobile number is on DND.

What’s TOTP and How to generate It to Login into Zerodha Kite API using Python?

Kite by Zerodha Zerodha. Everyone info. Zerodha’s flagship trading platform Kite Web as an Android app! Safety starts with understanding how developers collect and share your data. Data privacy and security practices may vary based on your use, region, and age. The developer provided this information and may update it over time.

No data shared with third parties Learn more about how developers declare sharing. This app may collect these data types Personal info, Financial info and 3 others. Data is encrypted in transit. It’s simple and easy but missing lot of things which could enhance the overall experience of the app for intermediate users.

I with they have premarket and after market view. Also the watchlists are not that good. Overall features are fine but there is an annoying bug that keeps happening. When I switch between apps and then open kite, it doesn’t open it shows a black screen. On again going to the app switch screen I’m having to wait for 2 sec and then click on kite to open normally. This is happening many times whenever I context switch the apps. Your widget is very bad. It doesn’t update the values with the current status.

I have to go inside the app and then come out to get it updated. The Application is very fast and user friendly, especially for intraday. But few more things to be included. In Angel one it’s showing, so it’s very much helpful for setting our target and exit positions.

So please do update it. Each watchlist can be interchanged the position according to daily priority. Clarence Public School J. P Nagar 4th Phase Bangalore – Coin by Zerodha. Zerodha Varsity, Stock market education for all. Pulse by Zerodha. Learn: Stock Market Investing. TipRanks Stock Market Analysis. OptionStrat – Options Toolkit. Syfe: Invest Better. Stocktwits – Stock Market Chat.