Authentication

SSO based Authentication

Single Sign-On (SSO) authentication allows users to securely log in to multiple applications using a single set of credentials. Instead of entering a username and password separately for each system, the user authenticates once through a central identity provider (IdP). The IdP then issues a secure authentication token or code (e.g., authCode) that is validated by the target application.

In API-based workflows, the client passes:

  • A vendor ID to identify the requesting system.
  • An authCode (issued by the IdP) to confirm the user's identity.

SSO Login

Method APIS Detail
POST sso/vendor/auth/getUserDetails Get user Detail

Get User Detail

This API is used to authenticate a user using SSO (Single Sign-On) by passing a valid authCode received from the identity provider (e.g., via QR code or redirect) along with a registered vendor ID. On success, it returns the user's basic profile and session information.

Request Structure

{
  "vendor": "QYPdhBfGbfsSOFb",
  "authCode": "59E4VTFKINI13OBAWOS3"
}

Input parameters

Field Type Description
vendor String Unique identifier assigned to the application/system initiating SSO login.
authCode String Authorization code received from the identity provider (e.g., via redirect), used to authenticate the session.

Response Structure

{
    "stat": "Ok",
    "clientId": "XXXXXXX",
    "userSession": "XXXXXXXXXXXXXXX"
}

Response parameters

Field Type Description
stat String General status of the API call (e.g., "Ok").
clientId String The unique identifier for the client/user (e.g., "TEST101").
userSession String (JWT Token) A JWT (JSON Web Token) which is used for authentication and authorization in further API calls. Contains encoded user identity and roles.

Login

Method APIS Detail
POST access/pwd/validate Validate password
POST access/otp/send Resend OTP
POST access/otp/validate Validate OTP
POST access/topt/verify Verify TOTP

Validate Password

The Validate Password API is used to authenticate a user by verifying their credentials and device/application details during login.

Request Structure

{
    "userId":"<USER_ID>",
    "password":"Password",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d", 
    "versionNo": "1.0.0.1.4", 
    "appName": "RMONEY", 
    "osName": "MOBIOS" 
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
password String The password associated with the user's account. Used to authenticate the client.
deviceId String Unique ID of the device used for login.
versionNo String Version number of the app or platform being used.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "message": "An OTP has been sent to your registered Mobile Number and email.",
        "status": "Success",
        "userId": "XXXXXXX",
        "emailId": "mo************in",
        "mobileNumber": "95******84",
        "resendOtpAfter": "60",
        "resendOtpCountsLeft": "4",
        "isTOtpAvailable": false,
        "token": "XXXXXXX"
    }
}

Response parameters

Field Type Description
message String Message confirming OTP sent to registered mobile and email.
status String Status of the request (e.g., "Success", "Failed").
userId String Masked user ID.
emailId String Masked registered email ID.
mobileNumber String Masked registered mobile number.
resendOtpAfter String Time in seconds after which the user is allowed to resend the OTP.
resendOtpCountsLeft String Number of OTP resend attempts remaining.
isTOtpAvailable boolean Indicates whether Time-based OTP (TOTP) is enabled (true or false).
token String Temporary token to be used for OTP verification in the next API call.

Resend OTP

The Resend OTP API is used to send a new One-Time Password (OTP) to the user’s registered mobile number and/or email in case the previous OTP was not received or expired.

Request Structure

{
    "userId":"<USER_ID>",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d", 
    "versionNo": "1.0.0.1.4", 
    "appName": "RMONEY", 
    "osName": "MOBIOS" 
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
deviceId String Unique ID of the device used for login.
versionNo String Version number of the app or platform being used.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "message": "An OTP has been sent to your registered Mobile Number and email.",
        "status": "Success",
        "userId": "XXXXXX",
        "emailId": "mo************in",
        "mobileNumber": "95******84",
        "resendOtpAfter": "60",
        "resendOtpCountsLeft": "4",
        "isTOtpAvailable": false
    }
}

Response parameters

Field Type Description
message String Message confirming OTP sent to registered mobile and email.
status String Status of the request (e.g., "Success", "Failed").
userId String Masked user ID.
emailId String Masked registered email ID.
mobileNumber String Masked registered mobile number.
resendOtpAfter String Time in seconds after which the user is allowed to resend the OTP.
resendOtpCountsLeft String Number of OTP resend attempts remaining.
isTOtpAvailable boolean Indicates whether Time-based OTP (TOTP) is enabled (true or false).
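
The Validate Password and Resend OTP responses above carry two status levels, counters encoded as strings, and a JSON boolean. The following client-side parser is an added example, not code from the API provider; the class and function names are hypothetical and the sample body is constructed from the documented shape. It rejects anything that does not match the documented types and gates resend requests on resendOtpAfter and resendOtpCountsLeft.

```python
import re
from dataclasses import dataclass
from typing import Optional


class LoginResponseError(ValueError):
    """Raised when a response does not match the documented shape."""


@dataclass(frozen=True)
class OtpChallenge:
    token: Optional[str]   # present on Validate Password, absent on Resend OTP
    totp_available: bool
    resend_after_s: int
    resends_left: int

    def can_resend(self, seconds_since_sent: float) -> bool:
        """True once the wait has elapsed and resend attempts remain."""
        return self.resends_left > 0 and seconds_since_sent >= self.resend_after_s


def _count(result: dict, field: str) -> int:
    """Counters arrive as strings ("60", "4"); accept only ASCII digit strings."""
    raw = result.get(field)
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]+", raw.strip()):
        raise LoginResponseError(f"{field} is not a non-negative integer string")
    return int(raw.strip())


def parse_otp_challenge(body: dict) -> OtpChallenge:
    """Validate both status levels and field types before trusting the body."""
    if not isinstance(body, dict) or body.get("status") != "Ok":
        raise LoginResponseError("outer status is not Ok")
    result = body.get("result")
    if not isinstance(result, dict) or result.get("status") != "Success":
        raise LoginResponseError("result.status is not Success")
    flag = result.get("isTOtpAvailable")
    # A string such as "false" is truthy in Python, so require a real boolean.
    if not isinstance(flag, bool):
        raise LoginResponseError("isTOtpAvailable must be a JSON boolean")
    token = result.get("token")
    if token is not None and (not isinstance(token, str) or not token):
        raise LoginResponseError("token must be a non-empty string when present")
    return OtpChallenge(
        token=token,
        totp_available=flag,
        resend_after_s=_count(result, "resendOtpAfter"),
        resends_left=_count(result, "resendOtpCountsLeft"),
    )


def try_parse(body) -> Optional[OtpChallenge]:
    """Return the parsed challenge, or None if the body is not acceptable."""
    try:
        return parse_otp_challenge(body)
    except LoginResponseError:
        return None


# Constructed sample in the shape of the Validate Password response.
SAMPLE_VALIDATE_PASSWORD = {
    "status": "Ok",
    "message": "Success",
    "result": {
        "message": "An OTP has been sent to your registered Mobile Number and email.",
        "status": "Success",
        "userId": "XXXXXXX",
        "resendOtpAfter": "60",
        "resendOtpCountsLeft": "4",
        "isTOtpAvailable": False,
        "token": "CONSTRUCTED-TEMP-TOKEN",
    },
}

if __name__ == "__main__":
    challenge = parse_otp_challenge(SAMPLE_VALIDATE_PASSWORD)
    print(challenge, challenge.can_resend(30), challenge.can_resend(61))
```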

Validate OTP

To verify the OTP (One-Time Password) received by the user on their registered mobile number or email during login.

Request Structure

{
    "userId":"<USER_ID>",
    "receivedOtp": "123456",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY",
    "osName": "MOBIOS",
    "source":"API",
    "vendor":"QYPdhBfGbfsSOFb"
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
receivedOtp String OTP received by the user that needs to be validated.
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")
source String Source of the request (e.g., "API", "WEB", "MOBILE").
vendor String Vendor code or identifier for internal tracking (e.g., partner/vendor name).

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "success": "Success",
        "serverDate": "2025-06-17 12:49:53",
        "clientType": "ACTIVE",
        "versionChanged": "N",
        "bulkOrderAllowed": "Y",
        "runningAuthorization": "Y",
        "clientName": "saranya",
        "passwordChangeMessage": "NA",
        "poaStatus": "",
        "ckycStatus": "ACTIVE",
        "isDormant": "N",
        "roleDescription": "NA",
        "isCommIntraAllowed": "N",
        "isVtdAllowed": "N",
        "isAliasOrderAllowed": "N",
        "isDemoTrial": "N",
        "userRole": "ACTIVE",
        "message": "NA",
        "status": "ACTIVE",
        "passChangeFlag": "N",
        "allowNseCash": "Y",
        "allowNseFo": "Y",
        "allowNcdex": "Y",
        "allowBseFo": "Y",
        "allowBseCash": "Y",
        "allowMcxComm": "Y",
        "allowNseCurrency": "Y",
        "allowBseCurrency": "Y",
        "allowBseYComm": "Y",
        "allowNSEYComm": "Y",
        "nseCurrViewRights": "Y",
        "nseCashViewRights": "Y",
        "nseFoViewRights": "Y",
        "bseCashViewRights": "Y",
        "bseFoViewRights": "Y",
        "ncdexViewRights": "Y",
        "mcxCommViewRights": "Y",
        "bseCurrViewRights": "Y",
        "bseCommViewRights": "Y",
        "nseCommViewRights": "Y",
        "accessToken": "XXXXXXXXX",
        "redirectUrl": "https://webuat.rmoneyindia.co.in/admin/#/?authcode=0ZAFF21SJ32V9A7PCYKP&clientid=TEST102",
        "userId": "XXXXXXXX",
        "isAuthorized": false
    }
}

Response parameters

Field Type Description
success String Indicates success of the operation.
serverDate String Server timestamp in YYYY-MM-DD HH:mm:ss format.
clientType String Type of client status (e.g., "ACTIVE", "INACTIVE").
versionChanged String Flag to check if the app version needs to be updated ("Y" or "N").
bulkOrderAllowed String Whether the user can place bulk orders ("Y" or "N").
runningAuthorization String Indicates if session authorization is in progress ("Y" or "N").
clientName String Name of the logged-in client.
passwordChangeMessage String Message related to password change requirement or status.
poaStatus String Status of Power of Attorney (if applicable).
ckycStatus String CKYC (Central KYC) verification status.
isDormant String Indicates whether the account is dormant ("Y" or "N").
roleDescription String Description of user role (if any).
isCommIntraAllowed String Intra-commodity trading permission.
isVtdAllowed String Indicates if Virtual Trading Desk access is allowed.
isAliasOrderAllowed String Flag for alias order feature access.
isDemoTrial String Whether the user is on a demo/trial account.
userRole String Role assigned to user (e.g., "ACTIVE", "GUEST").
message String Additional message field (if any).
status String Status of user (usually same as clientType).
passChangeFlag String Flag indicating if password change is required.
allowNseCash String Access to NSE Cash segment ("Y"/"N").
allowNseFo String Access to NSE Futures & Options.
allowNcdex String Access to NCDEX commodities.
allowBseFo String Access to BSE Futures & Options.
allowBseCash String Access to BSE Cash.
allowMcxComm String Access to MCX commodities.
allowNseCurrency String Access to NSE currency market.
allowBseCurrency String Access to BSE currency market.
allowBseYComm String Access to BSE Yield Commodities.
allowNSEYComm String Access to NSE Yield Commodities.
nseCurrViewRights String Can view NSE currency market.
nseCashViewRights String Can view NSE cash market.
nseFoViewRights String Can view NSE F&O market.
bseCashViewRights String Can view BSE cash market.
bseFoViewRights String Can view BSE F&O market.
ncdexViewRights String Can view NCDEX.
mcxCommViewRights String Can view MCX.
bseCurrViewRights String Can view BSE currency.
bseCommViewRights String Can view BSE commodities.
nseCommViewRights String Can view NSE commodities.
accessToken String JWT token used for authenticated API requests.
userId String Unique user ID.
isAuthorized boolean Whether user is authorized for further actions.
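
The request and response bodies on this page carry credentials in several fields (password, receivedOtp, otp, totp, pan, token, accessToken, userSession, authCode), and the Validate OTP response also embeds an authcode inside redirectUrl. The following log-redaction helper is an added example, not code from the API provider; the function names, the mask strings and the sample body are constructed for illustration.

```python
import json
import re

# Field names taken from the request and response samples on this page.
SENSITIVE_KEYS = {k.lower() for k in (
    "password", "receivedOtp", "otp", "totp", "pan",
    "token", "accessToken", "userSession", "authCode",
)}
MASK = "[REDACTED]"

# Matches authcode=<value> in a URL query or fragment, as seen in redirectUrl.
_AUTHCODE_IN_URL = re.compile(r"(authcode=)[^&#\s]+", re.IGNORECASE)


def redact(value, key=None):
    """Return a copy of a decoded JSON value that is safe to write to logs."""
    if isinstance(key, str) and key.lower() in SENSITIVE_KEYS:
        return MASK                      # mask the whole value, whatever its type
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):          # QR Login returns result as a list
        return [redact(v) for v in value]
    if isinstance(value, str):
        return _AUTHCODE_IN_URL.sub(lambda m: m.group(1) + MASK, value)
    return value


def redact_body(raw: str) -> str:
    """Redact a raw JSON body; withhold it entirely if it cannot be parsed."""
    try:
        parsed = json.loads(raw)
    except (TypeError, ValueError):
        # Fail closed: an unparseable body may still contain a secret.
        return "[UNPARSEABLE BODY WITHHELD]"
    return json.dumps(redact(parsed), sort_keys=True)


# Constructed sample in the shape of the Validate OTP response.
SAMPLE_OTP_RESPONSE = json.dumps({
    "status": "Ok",
    "message": "Success",
    "result": {
        "success": "Success",
        "clientName": "saranya",
        "accessToken": "CONSTRUCTED.JWT.VALUE",
        "redirectUrl": "https://example.invalid/admin/#/?authcode=CONSTRUCTEDCODE&clientid=TEST102",
        "userId": "XXXXXXXX",
        "isAuthorized": False,
    },
})

if __name__ == "__main__":
    print(redact_body(SAMPLE_OTP_RESPONSE))
```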

Verify TOTP

TOTP (Time-based One-Time Password) is a form of Two-Factor Authentication (2FA) that generates a unique, time-sensitive code used to verify a user's identity.

Request Structure

{
    "userId":"<USER_ID>",
    "totp": "123456",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY",
    "osName": "MOBIOS"
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
totp String 6-digit TOTP from authenticator app (time-sensitive).
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "success": "Success",
        "serverDate": "2025-06-17 17:47:42",
        "clientType": "ACTIVE",
        "versionChanged": "N",
        "bulkOrderAllowed": "Y",
        "runningAuthorization": "Y",
        "clientName": "saranya",
        "passwordChangeMessage": "NA",
        "poaStatus": "",
        "ckycStatus": "ACTIVE",
        "isDormant": "N",
        "roleDescription": "NA",
        "isCommIntraAllowed": "N",
        "isVtdAllowed": "N",
        "isAliasOrderAllowed": "N",
        "isDemoTrial": "N",
        "userRole": "ACTIVE",
        "message": "NA",
        "status": "ACTIVE",
        "passChangeFlag": "N",
        "allowNseCash": "Y",
        "allowNseFo": "Y",
        "allowNcdex": "Y",
        "allowBseFo": "Y",
        "allowBseCash": "Y",
        "allowMcxComm": "Y",
        "allowNseCurrency": "Y",
        "allowBseCurrency": "Y",
        "allowBseYComm": "Y",
        "allowNSEYComm": "Y",
        "nseCurrViewRights": "Y",
        "nseCashViewRights": "Y",
        "nseFoViewRights": "Y",
        "bseCashViewRights": "Y",
        "bseFoViewRights": "Y",
        "ncdexViewRights": "Y",
        "mcxCommViewRights": "Y",
        "bseCurrViewRights": "Y",
        "bseCommViewRights": "Y",
        "nseCommViewRights": "Y",
        "accessToken": "XXXXXXXXX",
        "userId": "XXXXXXXX",
        "isAuthorized": false
    }
}

Response parameters

Field Type Description
success String Indicates success of the operation.
serverDate String Server timestamp in YYYY-MM-DD HH:mm:ss format.
clientType String Type of client status (e.g., "ACTIVE", "INACTIVE").
versionChanged String Flag to check if the app version needs to be updated ("Y" or "N").
bulkOrderAllowed String Whether the user can place bulk orders ("Y" or "N").
runningAuthorization String Indicates if session authorization is in progress ("Y" or "N").
clientName String Name of the logged-in client.
passwordChangeMessage String Message related to password change requirement or status.
poaStatus String Status of Power of Attorney (if applicable).
ckycStatus String CKYC (Central KYC) verification status.
isDormant String Indicates whether the account is dormant ("Y" or "N").
roleDescription String Description of user role (if any).
isCommIntraAllowed String Intra-commodity trading permission.
isVtdAllowed String Indicates if Virtual Trading Desk access is allowed.
isAliasOrderAllowed String Flag for alias order feature access.
isDemoTrial String Whether the user is on a demo/trial account.
userRole String Role assigned to user (e.g., "ACTIVE", "GUEST").
message String Additional message field (if any).
status String Status of user (usually same as clientType).
passChangeFlag String Flag indicating if password change is required.
allowNseCash String Access to NSE Cash segment ("Y"/"N").
allowNseFo String Access to NSE Futures & Options.
allowNcdex String Access to NCDEX commodities.
allowBseFo String Access to BSE Futures & Options.
allowBseCash String Access to BSE Cash.
allowMcxComm String Access to MCX commodities.
allowNseCurrency String Access to NSE currency market.
allowBseCurrency String Access to BSE currency market.
allowBseYComm String Access to BSE Yield Commodities.
allowNSEYComm String Access to NSE Yield Commodities.
nseCurrViewRights String Can view NSE currency market.
nseCashViewRights String Can view NSE cash market.
nseFoViewRights String Can view NSE F&O market.
bseCashViewRights String Can view BSE cash market.
bseFoViewRights String Can view BSE F&O market.
ncdexViewRights String Can view NCDEX.
mcxCommViewRights String Can view MCX.
bseCurrViewRights String Can view BSE currency.
bseCommViewRights String Can view BSE commodities.
nseCommViewRights String Can view NSE commodities.
accessToken String JWT token used for authenticated API requests.
userId String Unique user ID.
isAuthorized boolean Whether user is authorized for further actions.

Unblock and Forget Password

Base URL: https://webuat.rmoneyindia.co.in/auth/v1/

Method APIS Detail
POST access/client/unblock Unblock Account
POST access/client/unblock/verify Verify Unblock
POST access/pwd/forgot Forget Password
POST access/pwd/forgot/verify Verify Forget Password
POST access/pwd/reset Reset Password

Unblock Account

To unblock a user's account after it has been temporarily locked (e.g., due to multiple failed login attempts, security reasons, etc.).

Request Structure

{
    "userId": "XXXXXX",  
    "pan": "XXXXXXX",
    "osName": "MOBIOS",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY"
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
pan String PAN number of the user (Permanent Account Number). Used for identity validation.
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "message": "An OTP has been sent to your registered Mobile Number and email.",
        "status": "Success",
        "userId": "XXXXXX",
        "emailId": "go*****************in",
        "mobileNumber": "98******90",
        "resendOtpAfter": "60",
        "resendOtpCountsLeft": "4",
        "isTOtpAvailable": false,
        "token": "1T6C5K4RAOPJC9X6SQL0SQ0HGU1HVHUZ3MBBNRDPMQ3SN0VYUY1O68ZK3ZMYH4TC86D0R2D37TYZCUTJRGSW5HHR8P0S33EQF7Y6Q75LWYT8P2VMH2LQL3TCICWK9A2E8ZDMT24HHL2OMC9SCMQEEFEDNXWCU7A9BWGXJJJW0NWQ611HIU549QAH2GESUS1X6GRDNR5MR1MMF3KE17MZHFUMWF2Z55N529W12J207FUWJUOQQC9D2JY21V94ZPYD"
    }
}

Response parameters

Field Type Description
message String Confirmation message indicating the OTP was sent.
status String Status of the OTP request (e.g., "Success").
userId String Unique identifier for the user (e.g., "TEST112").
emailId String Masked email address where the OTP was sent.
mobileNumber String Masked mobile number where the OTP was sent.
resendOtpAfter String Time in seconds to wait before another OTP can be requested (e.g., "60").
resendOtpCountsLeft String Number of remaining times the user can request to resend the OTP (e.g., "4").
isTOtpAvailable boolean Indicates if Time-based OTP (TOTP) is available for the user (e.g., false).
token String A long alphanumeric string (possibly JWT or session token) used for authentication/authorization in the next step of the process.

Verify Unblock

To verify OTP or confirmation for unblocking a user’s account after an unblock request has been initiated. This step ensures the user is authorized to unblock the account.

Request Structure

{
    "userId": "XXXXXX",
    "otp": "589992",
    "osName": "MOBIOS",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY"
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
otp String OTP received by the user that needs to be validated.
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "status": "Success",
        "message": "User unblocked successfully"
    }
}

Response parameters

Field Type Description
status String Operation status indicating the outcome of the unblocking request (e.g., "Success").
message String Specific message about the result (e.g., "User unblocked successfully").

Forget Password

To initiate the password reset process for a user who has forgotten their password. This typically sends an OTP to the user's registered mobile number or email.

Request Structure

{
    "userId": "XXXXXXX",  
    "pan": "XXXXXXXXX",
    "osName": "MOBIOS",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY"
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
pan String PAN number of the user (Permanent Account Number). Used for identity validation.
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "message": "An OTP has been sent to your registered Mobile Number and email.",
        "status": "Success",
        "userId": "XXXXXXX",
        "emailId": "go*****************in",
        "mobileNumber": "98******90",
        "resendOtpAfter": "60",
        "resendOtpCountsLeft": "4",
        "isTOtpAvailable": false,
        "token": "BJ462XW4D4FO0CS6SI7F9O2UO6YN5KJRRSB0WB6A785NFWBT3DQUZZZ5VLONS3E3EIWIHF1LL83M0QHBBVEWVGCAHQVDDVQCJKEJEU129M09YYAJVTKRCGXPFEH4UM08VF0G8OCL0TZ2MUK9D05ZZIP9WROD1SG1ZTDH0H8NHHBH1BP53BLA6GJS9J10J0FU4NSUYDIROUTKWP100K6N1MS1SNO1CZCU58LTIIMH7I7HJN4AOSFJGEHIY40EDLUY"
    }
}

Response parameters

Field Type Description
message String Confirmation message indicating the OTP was sent.
status String Status of the OTP request (e.g., "Success").
userId String Unique identifier for the user (e.g., "TEST112").
emailId String Masked email address where the OTP was sent.
mobileNumber String Masked mobile number where the OTP was sent.
resendOtpAfter String Time in seconds to wait before another OTP can be requested (e.g., "60").
resendOtpCountsLeft String Number of remaining times the user can request to resend the OTP (e.g., "4").
isTOtpAvailable boolean Indicates if Time-based OTP (TOTP) is available for the user (e.g., false).
token String A long alphanumeric string (possibly JWT or session token) used for authentication/authorization in the next step of the process.

Verify Forget Password

To verify the OTP (One-Time Password) sent during the Forget Password process before allowing the user to reset their password.

Request Structure

{
    "userId": "XXXXXXX",
    "otp": "123456",
    "osName": "MOBIOS",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY"
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
otp String OTP received by the user that needs to be validated.
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "token": "2NHFMPP5PTDSFDASM9VM7ME5506U6IPYTNKN5O2OYO4TT7VS6IBHDVN3M9ES7VPNN9M91LYWXIU3SXS7YQ5H5YFC99BTK7BI2Y93401U6FBBIC5S5M1B3Z2F0OROVJGUK5N5H431FEX91225KJ2V4IQS6CAGA5SMX084TPK0YHS1WX5X76NZ7BZE2N04C8AM281H894WJAPJVW7U6JUG4ZLMX23VWP3P19SJDILIHLQ14V6BODVFTAI54Z57A9JJ",
        "status": "Success",
        "message": "Success"
    }
}

Response parameters

Field Type Description
token String A long alphanumeric token, likely used for session continuation.
status String Status of the specific operation, here indicating success (e.g., "Success").
message String Detailed message describing the result of the operation (e.g., "Success").

Reset Password

To set a new password after verifying the OTP in the "Forget Password" flow.

Request Structure

{
    "userId": "XXXXXXX",
    "password": "XXXXXXX",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY",
    "osName": "MOBIOS"
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
password String The new password to be set. It must comply with password policy (e.g., length, complexity). Transmitted securely.
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "status": "Success",
        "message": "Password changed successfully"
    }
}

Response parameters

Field Type Description
status String Status of the password change operation (e.g., "Success").
message String Specific message confirming the outcome, such as "Password changed successfully".

Biometric Login

Method APIS Detail
POST access/bio/enable Enable Biometric
POST access/bio/pwd/validate Validate Biometric

Enable Biometric

The Enable Biometric API allows users to activate biometric login (such as Face ID or Fingerprint) on their registered device. Once enabled, the user can log in securely using their device’s biometric authentication instead of entering a password.

Request Structure

 {
    "userId": "XXXXXX",
    "deviceType": "IOS",
    "enable": "true",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY",
    "osName": "MOBIOS"
}

Input parameters

Field Type Description
userId String Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN.
deviceType String Type of the device (e.g., ANDROID, IOS).
enable Boolean Indicates whether biometric authentication is being enabled ("true") or disabled ("false").
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "message": "Bio-metric Enabled successfully",
        "status": "Success"
    }
}

Response parameters

Field Type Description
message String Detailed success message (e.g., "Bio-metric Enabled successfully").
status String Status of the biometric enable action (e.g., "Success").

Validate Biometric

The Validate Biometric API is used to authenticate a user via a previously enabled biometric login (such as Face ID or fingerprint). It verifies the biometric credentials stored on the user’s device and, upon successful validation, logs the user into the application without requiring a password.

Request Structure

{
    "userId": "XXXXXX",
    "token": "XXXXXXXX",
    "deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "appName": "RMONEY",
    "osName": "MOBIOS"
}

Input parameters

Field Type Description
userId String Unique identifier of the user (email, mobile number, user ID, or PAN).
token String Session or authorization token issued after login or OTP verification.
deviceId String Unique ID of the device used for login.
appName String Name of the application (e.g., RMONEY)
osName String Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL")

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": {
        "success": "Success",
        "serverDate": "2025-06-17 15:41:25",
        "clientType": "ACTIVE",
        "versionChanged": "N",
        "bulkOrderAllowed": "Y",
        "runningAuthorization": "Y",
        "clientName": "saranya",
        "passwordChangeMessage": "NA",
        "poaStatus": "",
        "ckycStatus": "ACTIVE",
        "isDormant": "N",
        "roleDescription": "NA",
        "isCommIntraAllowed": "N",
        "isVtdAllowed": "N",
        "isAliasOrderAllowed": "N",
        "isDemoTrial": "N",
        "userRole": "ACTIVE",
        "message": "NA",
        "status": "ACTIVE",
        "passChangeFlag": "N",
        "allowNseCash": "Y",
        "allowNseFo": "Y",
        "allowNcdex": "Y",
        "allowBseFo": "Y",
        "allowBseCash": "Y",
        "allowMcxComm": "Y",
        "allowNseCurrency": "Y",
        "allowBseCurrency": "Y",
        "allowBseYComm": "Y",
        "allowNSEYComm": "Y",
        "nseCurrViewRights": "Y",
        "nseCashViewRights": "Y",
        "nseFoViewRights": "Y",
        "bseCashViewRights": "Y",
        "bseFoViewRights": "Y",
        "ncdexViewRights": "Y",
        "mcxCommViewRights": "Y",
        "bseCurrViewRights": "Y",
        "bseCommViewRights": "Y",
        "nseCommViewRights": "Y",
        "accessToken": "XXXXXXXXXX",
        "userId": "TEST102",
        "isAuthorized": false
    }
}

Response parameters

Field Type Description
success String Status of the operation (e.g., "Success").
serverDate String Current server date-time.
clientType String Type of client (e.g., "ACTIVE", "INACTIVE").
versionChanged String "Y" if app update is required, otherwise "N".
bulkOrderAllowed String "Y" if client is allowed to place bulk orders.
runningAuthorization String "Y" if client has running session authorization.
clientName String Name of the client.
passwordChangeMessage String Message indicating if password change is required.
poaStatus String Status of Power of Attorney (POA).
ckycStatus String Central KYC status of the client.
isDormant String "Y" if account is dormant; "N" if active.
roleDescription String Description of the user's role.
isCommIntraAllowed String "Y" if commodity intraday is allowed.
isVtdAllowed String "Y" if Value Trading Day is allowed.
isAliasOrderAllowed String "Y" if alias orders are allowed.
isDemoTrial String "Y" if user is on a demo trial account.
userRole String User role in the system (e.g., "ACTIVE").
message String Additional message from server (placeholder or "NA").
status String Account status (typically "ACTIVE").
passChangeFlag String "Y" if password change is required; otherwise "N".
allowNseCash String Access to NSE Cash segment ("Y"/"N").
allowNseFo String Access to NSE Futures & Options.
allowNcdex String Access to NCDEX commodities.
allowBseFo String Access to BSE Futures & Options.
allowBseCash String Access to BSE Cash.
allowMcxComm String Access to MCX commodities.
allowNseCurrency String Access to NSE currency market.
allowBseCurrency String Access to BSE currency market.
allowBseYComm String Access to BSE Yield Commodities.
allowNSEYComm String Access to NSE Yield Commodities.
nseCurrViewRights String Can view NSE currency market.
nseCashViewRights String Can view NSE cash market.
nseFoViewRights String Can view NSE F&O market.
bseCashViewRights String Can view BSE cash market.
bseFoViewRights String Can view BSE F&O market.
ncdexViewRights String Can view NCDEX.
mcxCommViewRights String Can view MCX.
bseCurrViewRights String Can view BSE currency.
bseCommViewRights String Can view BSE commodities.
nseCommViewRights String Can view NSE commodities.
accessToken String JWT token used for authenticated API requests.
userId String Unique user ID.
isAuthorized boolean Whether user is authorized for further actions.

QR Login

Method APIS Detail
GET access/qr/generate Generate QR
POST access/qr/login QR Login

Generate QR

The Generate QR Login API is used to initiate a secure login process via QR code. When called, it generates a unique QR code (in base64 format) and a qrName identifier that can be scanned by an authenticated mobile device to authorize login on a different platform (e.g., web or desktop).

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": [
        {
            "byteCode": "data:image/png;base64,XXXXXXXXXXXXXXXXXXXXX",
            "qrName": "d68cb166-67ba-4847-9c54-f3686f"
        }
    ]
}

Response parameters

Field Type Description
byteCode String Base64 encoded image of the QR code.
qrName String Unique identifier or name associated with the QR code. Typically a UUID.

QR Login

The QR Login API completes the login process after a QR code is scanned and approved by the user via the mobile app. It validates the QR session using the qrName and authorizes the user to access the web or desktop platform without entering credentials.

Request Structure

{
  "qrName": "d68cb166-67ba-4847-9c54-f3686f"
}

Input parameters

Field Type Description
qrName String A unique identifier for the QR code to be validated. Typically a UUID generated during QR code creation.

Response Structure

{
    "status": "Ok",
    "message": "Success",
    "result": [
        {
            "accessToken": "XXXXXXX",
            "clientId": "XXXXXX",
            "authorized": false
        }
    ]
}

Response parameters

Field Type Description
accessToken String JWT token used for authorized API requests after successful login.
clientId String Unique identifier for the client who has logged in.
authorized Boolean Indicates whether the login via QR was authorized (true or false).