“For Authorized Personnel Only.” Everyone must have heard or seen these words at various offices where some rooms are accessible to few people only from the office staff. Who are these authorized personnel? What makes them authorized? What does authorization mean? To answer all these questions, let’s start with an example.

You are working at a bank as an executive. The bank has a locker room locked with certain passcode. Only the bank manager and the cashier know the passcode. With your bank ID, you can enter the premises of the bank with your ID. But you won’t be able to enter the locker room using your ID card.

From the above example, the bank executive has access to the office premises, but not the locker room. While the bank manager and the cashier can access the bank premises as well as the locker room. So, technically speaking, the ID card for bank executive authorize him to access the bank premises, but not the locker room and the ID card for bank manager and cashier authorize him to access the bank premises as well as the locker room.

APIs also use similar authorization through API keys. Every user has been provided with keys through which they can access the APIs. With the right set of keys, users can send requests through APIs and fetch the required data. Within the context of Open APIs, IIFL Securities provide a set of API keys for users. These keys include following parameters.

1. App Name: A unique name defined for application of the user developed using Open APIs.
   
2. App Source: A unique integer value defined for every user to check whether orders are coming from a valid authorized source.
   
3. User Key: A unique key defined for every user to access the APIs.
   
4. Ocp-Apim-Subscription-Key: A static key common for every user which acts as a passcode for communication to the server.

With the help of the above keys, users are authorized to access the APIs and fetch data through them. Any wrong combination of such keys won’t provide the data to the user through the APIs and requests will show an error. Keeping such set of keys enhances the security of your account and provides a strong cyber security layer. IIFL Securities customers who have generated these set of keys can access the functionalities of their account through Open APIs.

Another authorization is maintained for partners like Smallcase, Sensibull, Wealthdesk, Quicko, etc. who provides value added products to IIFL Securities customers. Whenever a customer logs in to the platform of a partner for the very first time, they are asked for a consent to allow the partner to fetch the account data through APIs. Partners can use the APIs for only those customers who have provided consent during first time login.

How can I generate the API Keys?

IIFL Securities customers can generate the API keys by following simple steps as mentioned below:

1. Login to the trading terminal of IIFL Securities.
   
2. In the upper navigation tab, go to “My Account” > “Profile” > “My Details”.
   
3. In the “Equity” section, go to “Trading API” tab.
   
4. You will see a “Generate Keys” button there. Click on it and your API keys will be able on the same page.

Partners can mail their sales deck and few information including partner name, email address and contact number to apisupport.broking@iifl.com. IIFL Securities Open API team will reach out to you and generate your API keys.