Authentication
SSO based Authentication¶
Single Sign-On (SSO) authentication allows users to securely log in to multiple applications using a single set of credentials. Instead of entering a username and password separately for each system, the user authenticates once through a central identity provider (IdP). The IdP then issues a secure authentication token or code (e.g., authCode) that is validated by the target application.
In API-based workflows, the client passes:
- A
vendorID to identify the requesting system. - An
authCode(issued by the IdP) to confirm the user's identity.
SSO Login¶
| Method | APIS | Detail |
|---|---|---|
| POST | sso/vendor/auth/getUserDetails | Get user Detail |
Get User Detail¶
This API is used to authenticate a user using SSO (Single Sign-On) by passing a valid authCode received from the identity provider (e.g., via QR code or redirect) along with a registered vendor ID. On success, it returns the user's basic profile and session information.
Request Structure
Input parameters
| Field | Type | Description |
|---|---|---|
| vendor | String | Unique identifier assigned to the application/system initiating SSO login. |
| authCode | String | Redirect from identity provider, used to authenticate the session. |
Response Structure
Input parameters
| Field | Type | Description |
|---|---|---|
| stat | String | General status of the API call (e.g., "Ok"). |
| clientId | String | The unique identifier for the client/user (e.g., "TEST101"). |
| userSession | String (JWT Token) | A JWT (JSON Web Token) which is used for authentication and authorization in further API calls. Contains encoded user identity and roles. |
Login¶
| Method | APIS | Detail |
|---|---|---|
| Post | access/pwd/validate | Validate password |
| Post | access/otp/send | Resend OTP |
| Post | access/otp/validate | Validate OTP |
| Post | access/topt/verify | Verify TOTP |
Validate Password¶
The Validate Password API is used to authenticate a user by verifying their credentials and device/application details during login.
Request Structure
{
"userId":"<USER_ID>",
"password":"Password",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"versionNo": "1.0.0.1.4",
"appName": "RMONEY",
"osName": "MOBIOS"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| password | String | The password associated with the user's account. Used to authenticate the client. |
| deviceId | String | Unique ID of the device used for login. |
| versionNo | String | Version number of the app or platform being used. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"message": "An OTP has been sent to your registered Mobile Number and email.",
"status": "Success",
"userId": "XXXXXXX",
"emailId": "mo************in",
"mobileNumber": "95******84",
"resendOtpAfter": "60",
"resendOtpCountsLeft": "4",
"isTOtpAvailable": false,
"token": "XXXXXXX"
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| message | String | Message confirming OTP sent to registered mobile and email. |
| status | String | Status of the request (e.g., "Success", "Failed"). |
| userId | String | Masked user ID. |
| emailId | String | Masked registered email ID. |
| mobileNumber | String | Masked registered mobile number. |
| resendOtpAfter | String | Time in seconds after which the user is allowed to resend the OTP. |
| resendOtpCountsLeft | String | Number of OTP resend attempts remaining. |
| isTOtpAvailable | boolean | if Time-based OTP (TOTP) is enabled (true or false). |
| token | String | Temporary token to be used for OTP verification in the next API call. |
Resend OTP¶
The Resend OTP API is used to send a new One-Time Password (OTP) to the user’s registered mobile number and/or email in case the previous OTP was not received or expired.
Request Structure
{
"userId":"<USER_ID>",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"versionNo": "1.0.0.1.4",
"appName": "RMONEY",
"osName": "MOBIOS"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| deviceId | String | Unique ID of the device used for login. |
| versionNo | String | Version number of the app or platform being used. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"message": "An OTP has been sent to your registered Mobile Number and email.",
"status": "Success",
"userId": "XXXXXX",
"emailId": "mo************in",
"mobileNumber": "95******84",
"resendOtpAfter": "60",
"resendOtpCountsLeft": "4",
"isTOtpAvailable": false
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| message | String | Message confirming OTP sent to registered mobile and email. |
| status | String | Status of the request (e.g., "Success", "Failed"). |
| userId | String | Masked user ID. |
| emailId | String | Masked registered email ID. |
| mobileNumber | String | Masked registered mobile number. |
| resendOtpAfter | String | Time in seconds after which the user is allowed to resend the OTP. |
| resendOtpCountsLeft | String | Number of OTP resend attempts remaining. |
| isTOtpAvailable | boolean | if Time-based OTP (TOTP) is enabled (true or false). |
Validate OTP¶
To verify the OTP (One-Time Password) received by the user on their registered mobile number or email during login.
Request Structure
{
"userId":"<USER_ID>",
"receivedOtp": "123456",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY",
"osName": "MOBIOS",
"source":"API",
"vendor":"QYPdhBfGbfsSOFb"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| receivedOtp | String | OTP received by the user that needs to be validated. |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
| source | String | Source of the request (e.g., "API", "WEB", "MOBILE"). |
| vendor | String | Vendor code or identifier for internal tracking (e.g., partner/vendor name). |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"success": "Success",
"serverDate": "2025-06-17 12:49:53",
"clientType": "ACTIVE",
"versionChanged": "N",
"bulkOrderAllowed": "Y",
"runningAuthorization": "Y",
"clientName": "saranya",
"passwordChangeMessage": "NA",
"poaStatus": "",
"ckycStatus": "ACTIVE",
"isDormant": "N",
"roleDescription": "NA",
"isCommIntraAllowed": "N",
"isVtdAllowed": "N",
"isAliasOrderAllowed": "N",
"isDemoTrial": "N",
"userRole": "ACTIVE",
"message": "NA",
"status": "ACTIVE",
"passChangeFlag": "N",
"allowNseCash": "Y",
"allowNseFo": "Y",
"allowNcdex": "Y",
"allowBseFo": "Y",
"allowBseCash": "Y",
"allowMcxComm": "Y",
"allowNseCurrency": "Y",
"allowBseCurrency": "Y",
"allowBseYComm": "Y",
"allowNSEYComm": "Y",
"nseCurrViewRights": "Y",
"nseCashViewRights": "Y",
"nseFoViewRights": "Y",
"bseCashViewRights": "Y",
"bseFoViewRights": "Y",
"ncdexViewRights": "Y",
"mcxCommViewRights": "Y",
"bseCurrViewRights": "Y",
"bseCommViewRights": "Y",
"nseCommViewRights": "Y",
"accessToken": "XXXXXXXXX",
"redirectUrl": "https://webuat.rmoneyindia.co.in/admin/#/?authcode=0ZAFF21SJ32V9A7PCYKP&clientid=TEST102",
"userId": "XXXXXXXX",
"isAuthorized": false
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| success | String | Indicates success of the operation. |
| serverDate | String | Server timestamp in YYYY-MM-DD HH ss format. |
| clientType | String | Type of client status (e.g., "ACTIVE", "INACTIVE"). |
| versionChanged | String | Flag to check if the app version needs to be updated ("Y" or "N"). |
| bulkOrderAllowed | String | Whether the user can place bulk orders ("Y" or "N"). |
| runningAuthorization | String | Indicates if session authorization is in progress ("Y" or "N"). |
| clientName | String | Name of the logged-in client. |
| passwordChangeMessage | String | Message related to password change requirement or status. |
| poaStatus | String | Status of Power of Attorney (if applicable). |
| ckycStatus | String | CKYC (Central KYC) verification status. |
| isDormant | String | Indicates whether the account is dormant ("Y" or "N"). |
| roleDescription | String | Description of user role (if any). |
| isCommIntraAllowed | String | Intra-commodity trading permission. |
| isVtdAllowed | String | Indicates if Virtual Trading Desk access is allowed. |
| isAliasOrderAllowed | String | Flag for alias order feature access. |
| isDemoTrial | String | Whether the user is on a demo/trial account. |
| userRole | String | Role assigned to user (e.g., "ACTIVE", "GUEST"). |
| message | String | Additional message field (if any). |
| status | String | Status of user (usually same as clientType). |
| passChangeFlag | String | Flag indicating if password change is required. |
| allowNseCash | String | Access to NSE Cash segment ("Y"/"N"). |
| allowNseFo | String | Access to NSE Futures & Options. |
| allowNcdex | String | Access to NCDEX commodities. |
| allowBseFo | String | Access to BSE Futures & Options. |
| allowBseCash | String | Access to BSE Cash. |
| allowMcxComm | String | Access to MCX commodities. |
| allowNseCurrency | String | Access to NSE currency market. |
| allowBseCurrency | String | Access to BSE currency market. |
| allowBseYComm | String | Access to BSE Yield Commodities. |
| allowNSEYComm | String | Access to NSE Yield Commodities. |
| nseCurrViewRights | String | Can view NSE currency market. |
| nseCashViewRights | String | Can view NSE cash market. |
| nseFoViewRights | String | Can view NSE F\&O market. |
| bseCashViewRights | String | Can view BSE cash market. |
| bseFoViewRights | String | Can view BSE F\&O market. |
| ncdexViewRights | String | Can view NCDEX. |
| mcxCommViewRights | String | Can view MCX. |
| bseCurrViewRights | String | Can view BSE currency. |
| bseCommViewRights | String | Can view BSE commodities. |
| nseCommViewRights | String | Can view NSE commodities. |
| accessToken | String | JWT token used for authenticated API requests. |
| userId | String | Unique user ID. |
| isAuthorized | boolean | Whether user is authorized for further actions. |
Verify TOTP¶
TOTP (Time-based One-Time Password) is a form of Two-Factor Authentication (2FA) that generates a unique, time-sensitive code used to verify a user's identity.
Request Structure
{
"userId":"<USER_ID>",
"totp": "123456",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY",
"osName": "MOBIOS"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| totp | String | 6-digit TOTP from authenticator app (time-sensitive). |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"success": "Success",
"serverDate": "2025-06-17 17:47:42",
"clientType": "ACTIVE",
"versionChanged": "N",
"bulkOrderAllowed": "Y",
"runningAuthorization": "Y",
"clientName": "saranya",
"passwordChangeMessage": "NA",
"poaStatus": "",
"ckycStatus": "ACTIVE",
"isDormant": "N",
"roleDescription": "NA",
"isCommIntraAllowed": "N",
"isVtdAllowed": "N",
"isAliasOrderAllowed": "N",
"isDemoTrial": "N",
"userRole": "ACTIVE",
"message": "NA",
"status": "ACTIVE",
"passChangeFlag": "N",
"allowNseCash": "Y",
"allowNseFo": "Y",
"allowNcdex": "Y",
"allowBseFo": "Y",
"allowBseCash": "Y",
"allowMcxComm": "Y",
"allowNseCurrency": "Y",
"allowBseCurrency": "Y",
"allowBseYComm": "Y",
"allowNSEYComm": "Y",
"nseCurrViewRights": "Y",
"nseCashViewRights": "Y",
"nseFoViewRights": "Y",
"bseCashViewRights": "Y",
"bseFoViewRights": "Y",
"ncdexViewRights": "Y",
"mcxCommViewRights": "Y",
"bseCurrViewRights": "Y",
"bseCommViewRights": "Y",
"nseCommViewRights": "Y",
"accessToken": "XXXXXXXXX",
"userId": "XXXXXXXX",
"isAuthorized": false
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| success | String | Indicates success of the operation. |
| serverDate | String | Server timestamp in YYYY-MM-DD HHss format. |
| clientType | String | Type of client status (e.g., "ACTIVE", "INACTIVE"). |
| versionChanged | String | Flag to check if the app version needs to be updated ("Y" or "N"). |
| bulkOrderAllowed | String | Whether the user can place bulk orders ("Y" or "N"). |
| runningAuthorization | String | Indicates if session authorization is in progress ("Y" or "N"). |
| clientName | String | Name of the logged-in client. |
| passwordChangeMessage | String | Message related to password change requirement or status. |
| poaStatus | String | Status of Power of Attorney (if applicable). |
| ckycStatus | String | CKYC (Central KYC) verification status. |
| isDormant | String | Indicates whether the account is dormant ("Y" or "N"). |
| roleDescription | String | Description of user role (if any). |
| isCommIntraAllowed | String | Intra-commodity trading permission. |
| isVtdAllowed | String | Indicates if Virtual Trading Desk access is allowed. |
| isAliasOrderAllowed | String | Flag for alias order feature access. |
| isDemoTrial | String | Whether the user is on a demo/trial account. |
| userRole | String | Role assigned to user (e.g., "ACTIVE", "GUEST"). |
| message | String | Additional message field (if any). |
| status | String | Status of user (usually same as clientType). |
| passChangeFlag | String | Flag indicating if password change is required. |
| allowNseCash | String | Access to NSE Cash segment ("Y"/"N"). |
| allowNseFo | String | Access to NSE Futures & Options. |
| allowNcdex | String | Access to NCDEX commodities. |
| allowBseFo | String | Access to BSE Futures & Options. |
| allowBseCash | String | Access to BSE Cash. |
| allowMcxComm | String | Access to MCX commodities. |
| allowNseCurrency | String | Access to NSE currency market. |
| allowBseCurrency | String | Access to BSE currency market. |
| allowBseYComm | String | Access to BSE Yield Commodities. |
| allowNSEYComm | String | Access to NSE Yield Commodities. |
| nseCurrViewRights | String | Can view NSE currency market. |
| nseCashViewRights | String | Can view NSE cash market. |
| nseFoViewRights | String | Can view NSE F\&O market. |
| bseCashViewRights | String | Can view BSE cash market. |
| bseFoViewRights | String | Can view BSE F\&O market. |
| ncdexViewRights | String | Can view NCDEX. |
| mcxCommViewRights | String | Can view MCX. |
| bseCurrViewRights | String | Can view BSE currency. |
| bseCommViewRights | String | Can view BSE commodities. |
| nseCommViewRights | String | Can view NSE commodities. |
| accessToken | String | JWT token used for authenticated API requests. |
| userId | String | Unique user ID. |
| isAuthorized | boolean | Whether user is authorized for further actions. |
Unblock and Forget Password¶
Base URL: https://webuat.rmoneyindia.co.in/auth/v1/
| Method | APIS | Detail |
|---|---|---|
| Post | access/client/unblock | Unblock Account |
| Post | access/client/unblock/verify | Verify Unblock |
| Post | access/pwd/forgot | Forget Password |
| Post | access/pwd/forgot/verify | Verify Forget Password |
| Post | access/pwd/reset | Reset Password |
Unblock Account¶
To unblock a user's account after it has been temporarily locked (e.g., due to multiple failed login attempts, security reasons, etc.).
Request Structure
{
"userId": "XXXXXX",
"pan": "XXXXXXX",
"osName": "MOBIOS",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| pan | String | PAN number of the user (Permanent Account Number). Used for identity validation. |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"message": "An OTP has been sent to your registered Mobile Number and email.",
"status": "Success",
"userId": "XXXXXX",
"emailId": "go*****************in",
"mobileNumber": "98******90",
"resendOtpAfter": "60",
"resendOtpCountsLeft": "4",
"isTOtpAvailable": false,
"token": "1T6C5K4RAOPJC9X6SQL0SQ0HGU1HVHUZ3MBBNRDPMQ3SN0VYUY1O68ZK3ZMYH4TC86D0R2D37TYZCUTJRGSW5HHR8P0S33EQF7Y6Q75LWYT8P2VMH2LQL3TCICWK9A2E8ZDMT24HHL2OMC9SCMQEEFEDNXWCU7A9BWGXJJJW0NWQ611HIU549QAH2GESUS1X6GRDNR5MR1MMF3KE17MZHFUMWF2Z55N529W12J207FUWJUOQQC9D2JY21V94ZPYD"
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| message | String | Confirmation message indicating the OTP was sent. |
| status | String | Status of the OTP request (e.g., "Success"). |
| userId | String | Unique identifier for the user (e.g., "TEST112"). |
| emailId | String | Masked email address where the OTP was sent. |
| mobileNumber | String | Masked mobile number where the OTP was sent. |
| resendOtpAfter | String | Time in seconds to wait before another OTP can be requested (e.g., "60"). |
| resendOtpCountsLeft | String | Number of remaining times the user can request to resend the OTP (e.g., "4"). |
| isTOtpAvailable | boolean | Indicates if Time-based OTP (TOTP) is available for the user (e.g., false). |
| token | String | A long alphanumeric String (possibly JWT or session token) used for authentication/authorization in the next step of the process. |
Verify Unblock¶
To verify OTP or confirmation for unblocking a user’s account after an unblock request has been initiated. This step ensures the user is authorized to unblock the account.
Request Structure
{
"userId": "XXXXXX",
"otp": "589992 ",
"osName": "MOBIOS",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| otp | String | OTP received by the user that needs to be validated. |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"status": "Success",
"message": "User unblocked successfully"
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| status | String | Operation status indicating the outcome of the unblocking request (e.g., "Success"). |
| message | String | Specific message about the result (e.g., "User unblocked successfully"). |
Forget Password¶
To initiate the password reset process for a user who has forgotten their password. This typically sends an OTP to the user's registered mobile number or email.
Request Structure
{
"userId": "XXXXXXX",
"pan": "XXXXXXXXX",
"osName": "MOBIOS",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| pan | String | PAN number of the user (Permanent Account Number). Used for identity validation. |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"message": "An OTP has been sent to your registered Mobile Number and email.",
"status": "Success",
"userId": "XXXXXXX",
"emailId": "go*****************in",
"mobileNumber": "98******90",
"resendOtpAfter": "60",
"resendOtpCountsLeft": "4",
"isTOtpAvailable": false,
"token": "BJ462XW4D4FO0CS6SI7F9O2UO6YN5KJRRSB0WB6A785NFWBT3DQUZZZ5VLONS3E3EIWIHF1LL83M0QHBBVEWVGCAHQVDDVQCJKEJEU129M09YYAJVTKRCGXPFEH4UM08VF0G8OCL0TZ2MUK9D05ZZIP9WROD1SG1ZTDH0H8NHHBH1BP53BLA6GJS9J10J0FU4NSUYDIROUTKWP100K6N1MS1SNO1CZCU58LTIIMH7I7HJN4AOSFJGEHIY40EDLUY"
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| message | String | Confirmation message indicating the OTP was sent. |
| status | String | Status of the OTP request (e.g., "Success"). |
| userId | String | Unique identifier for the user (e.g., "TEST112"). |
| emailId | String | Masked email address where the OTP was sent. |
| mobileNumber | String | Masked mobile number where the OTP was sent. |
| resendOtpAfter | String | Time in seconds to wait before another OTP can be requested (e.g., "60"). |
| resendOtpCountsLeft | String | Number of remaining times the user can request to resend the OTP (e.g., "4"). |
| isTOtpAvailable | boolean | Indicates if Time-based OTP (TOTP) is available for the user (e.g., false). |
| token | String | A long alphanumeric String (possibly JWT or session token) used for authentication/ |
| authorization in the next step of the process. |
Verify Forget Password¶
To verify the OTP (One-Time Password) sent during the Forget Password process before allowing the user to reset their password.
Request Structure
{
"userId": "XXXXXXX",
"otp": "123456",
"osName": "MOBIOS",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| otp | String | OTP received by the user that needs to be validated. |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"token": "2NHFMPP5PTDSFDASM9VM7ME5506U6IPYTNKN5O2OYO4TT7VS6IBHDVN3M9ES7VPNN9M91LYWXIU3SXS7YQ5H5YFC99BTK7BI2Y93401U6FBBIC5S5M1B3Z2F0OROVJGUK5N5H431FEX91225KJ2V4IQS6CAGA5SMX084TPK0YHS1WX5X76NZ7BZE2N04C8AM281H894WJAPJVW7U6JUG4ZLMX23VWP3P19SJDILIHLQ14V6BODVFTAI54Z57A9JJ",
"status": "Success",
"message": "Success"
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| token | String | A long alphanumeric token, likely used for session continuation. |
| status | String | Status of the specific operation, here indicating success (e.g., "Success"). |
| message | String | Detailed message describing the result of the operation (e.g., "Success"). |
Reset Password¶
To set a new password after verifying the OTP in the "Forget Password" flow.
Request Structure
{
"userId": "XXXXXXX",
"password": "XXXXXXX",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY",
"osName": "MOBIOS"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| password | String | The new password to be set. It must comply with password policy (e.g., length, complexity). Transmitted securely. |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"status": "Success",
"message": "Password changed successfully"
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| status | String | Status of the password change operation (e.g., "Success"). |
| message | String | Specific message confirming the outcome, such as "Password changed successfully". |
Biometric Login¶
| Method | APIS | Detail |
|---|---|---|
| Post | access/bio/enable | Enable Biometric |
| Post | access/bio/pwd/validate | Validate Biometric |
Enable Biometric¶
The Enable Biometric API allows users to activate biometric login (such as Face ID or Fingerprint) on their registered device. Once enabled, the user can log in securely using their device’s biometric authentication instead of entering a password.
Request Structure
{
"userId": "XXXXXX",
"deviceType": "IOS",
"enable": "true",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY",
"osName": "MOBIOS"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier for the user. It can be a client’s email, mobile number, user ID, or PAN. |
| deviceType | String | Type of the device (e.g., ANDROID, IOS). |
| enable | Boolean | Indicates whether biometric authentication is being enabled ("true") or disabled ("false"). |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"message": "Bio-metric Enabled successfully",
"status": "Success"
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| message | String | Detailed success message (e.g., "Bio-metric Enabled successfully"). |
| status | String | Status of the biometric enable action (e.g., "Success"). |
Validate Biometric¶
The Validate Biometric API is used to authenticate a user via a previously enabled biometric login (such as Face ID or fingerprint). It verifies the biometric credentials stored on the user’s device and, upon successful validation, logs the user into the application without requiring a password.
Request Structure
{
"userId": "XXXXXX",
"token": "XXXXXXXX",
"deviceId": "38400000-8cf0-11bd-b23e-10b96e40000d",
"appName": "RMONEY",
"osName": "MOBIOS"
}
Input parameters
| Field | Type | Description |
|---|---|---|
| userId | String | Unique identifier of the user (email, mobile number, user ID, or PAN). |
| token | String | Session or authorization token issued after login or OTP verification. |
| deviceId | String | Unique ID of the device used for login. |
| appName | String | Name of the application (e.g., RMONEY) |
| osName | String | Operating system name ("MOBANDROID", "MOBIOS", "EXECLIENT", "EXEMANAGER", "WEBINTERNAL","WEBEXTERNAL") |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": {
"success": "Success",
"serverDate": "2025-06-17 15:41:25",
"clientType": "ACTIVE",
"versionChanged": "N",
"bulkOrderAllowed": "Y",
"runningAuthorization": "Y",
"clientName": "saranya",
"passwordChangeMessage": "NA",
"poaStatus": "",
"ckycStatus": "ACTIVE",
"isDormant": "N",
"roleDescription": "NA",
"isCommIntraAllowed": "N",
"isVtdAllowed": "N",
"isAliasOrderAllowed": "N",
"isDemoTrial": "N",
"userRole": "ACTIVE",
"message": "NA",
"status": "ACTIVE",
"passChangeFlag": "N",
"allowNseCash": "Y",
"allowNseFo": "Y",
"allowNcdex": "Y",
"allowBseFo": "Y",
"allowBseCash": "Y",
"allowMcxComm": "Y",
"allowNseCurrency": "Y",
"allowBseCurrency": "Y",
"allowBseYComm": "Y",
"allowNSEYComm": "Y",
"nseCurrViewRights": "Y",
"nseCashViewRights": "Y",
"nseFoViewRights": "Y",
"bseCashViewRights": "Y",
"bseFoViewRights": "Y",
"ncdexViewRights": "Y",
"mcxCommViewRights": "Y",
"bseCurrViewRights": "Y",
"bseCommViewRights": "Y",
"nseCommViewRights": "Y",
"accessToken": "XXXXXXXXXX",
"userId": "TEST102",
"isAuthorized": false
}
}
Response parameters
| Field | Type | Description |
|---|---|---|
| success | String | Status of the operation (e.g., "Success"). |
| serverDate | String | Current server date-time. |
| clientType | String | Type of client (e.g., "ACTIVE", "INACTIVE"). |
| versionChanged | String | "Y" if app update is required, otherwise "N". |
| bulkOrderAllowed | String | "Y" if client is allowed to place bulk orders. |
| runningAuthorization | String | "Y" if client has running session authorization. |
| clientName | String | Name of the client. |
| passwordChangeMessage | String | Message indicating if password change is required. |
| poaStatus | String | Status of Power of Attorney (POA). |
| ckycStatus | String | Central KYC status of the client. |
| isDormant | String | "Y" if account is dormant; "N" if active. |
| roleDescription | String | Description of the user's role. |
| isCommIntraAllowed | String | "Y" if commodity intraday is allowed. |
| isVtdAllowed | String | "Y" if Value Trading Day is allowed. |
| isAliasOrderAllowed | String | "Y" if alias orders are allowed. |
| isDemoTrial | String | "Y" if user is on a demo trial account. |
| userRole | String | User role in the system (e.g., "ACTIVE"). |
| message | String | Additional message from server (placeholder or "NA"). |
| status | String | Account status (typically "ACTIVE"). |
| passChangeFlag | String | "Y" if password change is required; otherwise "N". |
| allowNseCash | String | Access to NSE Cash segment ("Y"/"N"). |
| allowNseFo | String | Access to NSE Futures & Options. |
| allowNcdex | String | Access to NCDEX commodities. |
| allowBseFo | String | Access to BSE Futures & Options. |
| allowBseCash | String | Access to BSE Cash. |
| allowMcxComm | String | Access to MCX commodities. |
| allowNseCurrency | String | Access to NSE currency market. |
| allowBseCurrency | String | Access to BSE currency market. |
| allowBseYComm | String | Access to BSE Yield Commodities. |
| allowNSEYComm | String | Access to NSE Yield Commodities. |
| nseCurrViewRights | String | Can view NSE currency market. |
| nseCashViewRights | String | Can view NSE cash market. |
| nseFoViewRights | String | Can view NSE F\&O market. |
| bseCashViewRights | String | Can view BSE cash market. |
| bseFoViewRights | String | Can view BSE F\&O market. |
| ncdexViewRights | String | Can view NCDEX. |
| mcxCommViewRights | String | Can view MCX. |
| bseCurrViewRights | String | Can view BSE currency. |
| bseCommViewRights | String | Can view BSE commodities. |
| nseCommViewRights | String | Can view NSE commodities. |
| accessToken | String | JWT token used for authenticated API requests. |
| userId | String | Unique user ID. |
| isAuthorized | boolean | Whether user is authorized for further actions. |
QR Login¶
| Method | APIS | Detail |
|---|---|---|
| GET | access/qr/generate | Generate QR |
| Post | access/qr/login | QR Login |
Generate QR¶
The Generate QR Login API is used to initiate a secure login process via QR code. When called, it generates a unique QR code (in base64 format) and a qrName identifier that can be scanned by an authenticated mobile device to authorize login on a different platform (e.g., web or desktop).
Response Structure
{
"status": "Ok",
"message": "Success",
"result": [
{
"byteCode": "data:image/png;base64,XXXXXXXXXXXXXXXXXXXXX",
"qrName": "d68cb166-67ba-4847-9c54-f3686f"
}
]
}
Response parameters
| Field | Type | Description |
|---|---|---|
| byteCode | String | Base64 encoded image of the QR code. |
| qrName | String | Unique identifier or name associated with the QR code. Typically a UUID. |
QR Login¶
The QR Login API completes the login process after a QR code is scanned and approved by the user via the mobile app. It validates the QR session using the qrName and authorizes the user to access the web or desktop platform without entering credentials.
Request Structure
Input parameters
| Field | Type | Description |
|---|---|---|
| qrName | String | A unique identifier for the QR code to be validated. Typically a UUID generated during QR code creation. |
Response Structure
{
"status": "Ok",
"message": "Success",
"result": [
{
"accessToken": "XXXXXXX",
"clientId": "XXXXXX",
"authorized": false
}
]
}
| Field | Type | Description |
|---|---|---|
| accessToken | String | JWT token used for authorized API requests after successful login. |
| clientId | String | Unique identifier for the client who has logged in. |
| authorized | Boolean | Indicates whether the login via QR was authorized (true or false). |