Overview

The Login with TOTP authentication for Kotak Securities Trade API allows secure and automated user authentication by leveraging Time-based One-Time Passwords (TOTP). This is a three-step process:

  1. Step 1: Register for TOTP via NEO (one-time process)
  2. Step 2: Validate the user's credentials and TOTP to receive a session token and view token.
  3. Step 3: Use the session information and MPIN to complete the login and receive a trade token.

Below is comprehensive, user-friendly documentation for each step.

Step 1: Register for TOTP

TOTP stands for Time-based One-Time Password. Unlike SMS OTP, which is sent to your phone, a TOTP is generated every 30 seconds in an authenticator app (e.g., Google Authenticator, Microsoft Authenticator).

  1. On the API Dashboard, click TOTP Registration.
  2. Verify with your mobile number, OTP, and client code.
  3. Scan the QR code with Google Authenticator or Microsoft Authenticator (the app can be downloaded from the Play Store or App Store).
  4. Enter the generated TOTP.
  5. Confirm that “TOTP successfully registered” is displayed.
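For an automated client, the 30-second code described above can be computed locally with the standard TOTP algorithm (RFC 6238). The following is an added example, not code from Kotak Securities; it assumes the authenticator-app defaults (base32 secret, HMAC-SHA1, 6 digits), and the function names and the sample secret (the RFC 6238 test key) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per code, as stated in the text above
DIGITS = 6   # assumption: authenticator-app default code length

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at=None, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at Unix time `at`."""
    at = time.time() if at is None else at
    # Secrets shown next to a QR code are often spaced, lower-case or unpadded.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = int(at) // step                      # number of 30 s windows since epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(at=None, step=STEP):
    """Seconds until the current code is replaced by the next one."""
    at = time.time() if at is None else at
    return step - int(at) % step


def code_for_submission(secret_b32, at=None, min_left=5):
    """Return (code, wait). If the current window has fewer than `min_left`
    seconds left, return the next window's code and the seconds to wait
    before sending it, so the code does not expire in transit."""
    at = time.time() if at is None else at
    left = seconds_left(at)
    wait = left if left < min_left else 0
    return totp(secret_b32, at + wait), wait


if __name__ == "__main__":
    code, wait = code_for_submission(SAMPLE_SECRET)
    print(f"code={code} wait={wait}s valid_for={seconds_left(time.time() + wait)}s")
```

The secret behind the QR code is equivalent to the second factor itself, so an automated client should load it from a secrets store rather than keep it in source code next to the other login credentials.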

Step 2: Login with TOTP

The API access token is issued from the NEO app. Go to Invest → Trade API, create an app under Your Applications, and copy the token shown. This token is your access token and must be passed in the Authorization header of the Login APIs.

1. Introduction

Authenticate your account using mobile number, UCC, and TOTP. On success, you receive a view token (token), along with session identifiers to be used in the next step.

2. API Endpoint

POST <https://mis.kotaksecurities.com/login/1.0/tradeApiLogin>

3. Headers