How-to authorise holdings CDSL TPIN e-DIS DDPI delivery sell demat authorisation

How to respond to a Zerodha email asking you to authorise your holdings

From WebNotes, a public knowledge base. Last updated 20 June 2026. Reading time ~11 min. Level: Beginner.

Key facts

Why you got it	You sold securities from demat without DDPI or POA, so the sale needs CDSL authorisation before it settles
Common triggers	A physically settled F&O position needing stock delivery, or an MIS sell that could not square off because the stock hit upper circuit
How to authorise	Use the CDSL TPIN via the link in the email; the TPIN authorisation is a one-day-validity e-DIS approval
Deadline	Complete the authorisation before 7:00 PM the same day, using only the link in the email
Permanent fix	Sign DDPI, after which the Authorise option disappears and you can sell without daily TPIN entry
Cost	Free; no charge to authorise holdings

Procedure

Verify the email is genuinely from ZerodhaRead the sender address after the @ sign. A genuine holdings-authorisation email comes from a Zerodha domain. The CDSL TPIN itself is sent by CDSL from its official address. Any lookalike domain, or a request for your password or OTP, is phishing.
Confirm you placed the sell that triggered itThe email follows a delivery sale you made without DDPI or POA, often a physically settled F&O obligation or an MIS sell that hit the upper circuit. Confirm the trade is yours before authorising.
Open the authorisation link in the emailZerodha instructs you to complete the authorisation using only the link provided in that email. It takes you to the CDSL e-DIS authorisation page for the specific securities being sold.
Enter your CDSL TPIN and OTPAuthorise the sale of the securities using your CDSL TPIN, then the OTP CDSL sends to your registered mobile and email. This is the e-DIS approval that lets the sale settle.
Complete it before 7:00 PM the same dayThe authorisation must be done before 7:00 PM on the day of the sale. A TPIN authorisation is valid for that single trading day only.
Sign DDPI to avoid the daily stepTo stop receiving these emails, sign the DDPI. With DDPI active, the Authorise option no longer appears and you can sell holdings without entering the CDSL TPIN each time.

A Zerodha email asking you to authorise your holdings means you sold securities from your demat account without a standing DDPI or POA, so the sale needs your explicit CDSL authorisation before it can settle; you complete it with your CDSL TPIN through the link in the email, before 7:00 PM the same day. This is not a security alert or a problem with your account. It is the depository asking you to approve a specific debit of your own shares, which is required precisely because you have not given the broker a standing instruction to do it for you.

This guide explains the scenarios that trigger the email, the CDSL TPIN and e-DIS mechanism that authorises the sale, the same-day deadline, and how signing DDPI removes the step for good. It also covers how to confirm the email is genuine, since “authorise your holdings” is exactly the kind of urgent prompt a phishing message imitates.

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.

Step-by-step procedure

The numbered box above gives the sequence. The detail below covers the two things that matter: confirming the email is real, and getting the CDSL authorisation done before the same-day cutoff so the trade settles.

1. Verify the email is genuinely from Zerodha

Read the sender address after the @ sign. A genuine holdings-authorisation email comes from a Zerodha domain on the published authorised list, and the CDSL TPIN itself is sent by CDSL from its own official address. The legitimate flow asks only for your CDSL TPIN and the CDSL OTP on the CDSL e-DIS page; it never asks for your Kite password or your login OTP. A lookalike sender domain, or any page asking for your Kite credentials, is phishing. The full verification method is in how to verify whether an email is genuinely from Zerodha .

2. Confirm you placed the sell that triggered it

The email follows a delivery sale on an account without DDPI or POA. The two common triggers are documented by Zerodha: a physically settled F&O position where you must deliver the underlying stock, and an MIS intraday sell that could not be squared off because the stock hit its upper circuit limit and so carried into delivery. Confirm the sale is yours. If you placed no such trade, do not authorise anything; treat the email as suspect and check inside your account.

3. Open the authorisation link in the email

Zerodha’s instruction is specific: complete the authorisation using only the link provided in that email. The link opens the CDSL e-DIS authorisation page listing the exact securities and quantities to be sold. This is the one case where you use a link from a Zerodha email, because the link goes to CDSL’s authorisation system, not a login page; even so, confirm the page is on CDSL’s domain and asks only for the TPIN and OTP.

4. Enter your CDSL TPIN and OTP

On the CDSL page, authorise the sale of the listed securities with your CDSL TPIN, then enter the OTP CDSL sends to your registered mobile and email. This pair, TPIN plus OTP, is the e-DIS approval that releases the shares for settlement. If you have forgotten the TPIN, regenerate it first; the forgot-TPIN route is quick but do it before the cutoff.

5. Complete it before 7:00 PM the same day

The authorisation must be done before 7:00 PM on the day of the sale. A CDSL TPIN authorisation is valid for that single trading day only: from 7:00 AM the system records authorisations for trades executed the same day until 5:00 PM, and a fresh authorisation is needed each day you sell holdings without DDPI. Miss the window and the specific sale’s settlement is at risk, which can lead to a short-delivery auction .

6. Sign DDPI to avoid the daily step

To stop receiving these emails altogether, sign the DDPI (Demat Debit and Pledge Instruction). With DDPI active, Zerodha can debit sold securities directly, the Authorise option no longer appears, and you sell holdings without entering the CDSL TPIN for each delivery sale. DDPI is the modern, narrowly-scoped replacement for the old power of attorney ; see how to sell without POA or DDPI at Zerodha for the trade-offs if you prefer to keep authorising manually.

How the authorisation works: e-DIS and the demat structure

The reason the email exists at all is the structure of demat ownership. Your securities are held in your own demat account at CDSL; Zerodha is only the depository participant that services it, and it cannot move your shares out without your authorisation. When you have no standing instruction (no DDPI, no POA), every delivery sale needs you to authorise that specific debit.

CDSL provides this through e-DIS (electronic delivery instruction slip), authorised by your TPIN and an OTP. The TPIN is a PIN-based pre-authorisation CDSL introduced so you can approve a sale electronically rather than signing a paper delivery instruction slip . The one-day validity is by design: each authorisation covers only that day’s sales, which is what makes it a control rather than a blanket permission. DDPI changes this by giving a one-time standing debit-and-pledge authorisation, so the broker can execute the debit on your behalf and the daily TPIN step falls away.

Holdings statements versus this authorisation

Do not confuse this authorisation email with the periodic holding statement. Zerodha automatically emails a monthly holding statement to your registered address, and you can also download a transaction-cum-holding statement yourself from CDSL Easiest (Easi), independent of any sale. That statement is a record for reconciliation. The authorise-holdings email is different: it is an action tied to a specific sale you made, and it asks you to approve that debit, not to confirm a statement. If you receive a “verify your holdings” message that asks you to log in to a non-CDSL, non-Zerodha page, it is phishing, not either of these.

Genuine request versus phishing

Apply the filter. A genuine authorise-holdings email comes from a Zerodha domain, follows a real sale of yours, and sends you to CDSL’s e-DIS page where you enter only your CDSL TPIN and the CDSL OTP. A phishing one comes from a lookalike domain, may reference a sale you never made, and asks for your Kite password, login OTP or a payment. Zerodha and CDSL never ask for your Kite login password or login OTP to authorise a sale. If anything is off, do not authorise; log in to your account yourself, check your order book for the sale, and if there is no such trade, report the email through a ticket .

What can go wrong

Missing the 7:00 PM cutoff: the authorisation is same-day only. A missed window can cause short delivery and an exchange auction. Authorise as soon as the email arrives.
Forgotten CDSL TPIN at the deadline: regenerate the TPIN early; do not leave it to the last minute before 7:00 PM.
Entering Kite credentials on the authorisation page: never. The CDSL e-DIS page asks only for your CDSL TPIN and the CDSL OTP, not your Kite password or login OTP.
Acting on a phishing copy: verify the sender domain and confirm the sale is real inside your account before authorising anything.
Confusing the monthly holding statement with this email: the statement is a record; this email authorises a specific sale. A “log in here to verify holdings” link to a non-CDSL page is a scam.
Repeating the daily step forever: sign DDPI to remove the authorisation requirement permanently for delivery sales.

External references

References

Zerodha support, Why did Zerodha send an email to authorise holdings? (delivery sale without POA or DDPI; physical-settlement and upper-circuit-MIS triggers; CDSL TPIN; before 7:00 PM using only the email link), as of 20 June 2026.
Zerodha support, What is the validity of a CDSL authorisation? (one-day validity; 7:00 AM to 5:00 PM recording; new authorisation each trading day), as of 20 June 2026.
Zerodha, CDSL introduces PIN-based pre-authorisation for selling stocks, Z-Connect (TPIN and e-DIS mechanism).
SEBI circular SEBI/HO/MIRSD/DOP/P/CIR/2022/119 on execution of Demat Debit and Pledge Instruction (DDPI) for transfer of securities, 1 September 2022.
Zerodha support, How to verify if the email from Zerodha is genuine? (authorised sender-domain list).

Frequently asked questions

Why did Zerodha email me to authorise my holdings?

You sold securities from your demat account without DDPI or POA in place, so the sale needs your explicit CDSL authorisation before it settles. Common triggers are a physically settled F&O position needing delivery, or an MIS sell that could not square off because the stock hit the upper circuit.

Is the Zerodha authorise-holdings email genuine?

A genuine authorisation email comes from a Zerodha domain, and the CDSL TPIN itself is sent by CDSL from its official address. Verify the sender domain, and never enter your Kite password or login OTP into any link. The CDSL page asks only for your TPIN and the CDSL OTP.

How do I authorise the sale of my holdings?

Open the link in the email, which takes you to the CDSL e-DIS page, and authorise the specific securities using your CDSL TPIN followed by the OTP CDSL sends to your registered mobile and email. Complete it before 7:00 PM on the day of the sale.

What is the deadline to authorise my holdings?

Before 7:00 PM on the day of the sale, using only the link in the email. A CDSL TPIN authorisation is valid for that single trading day, so you must authorise afresh each day you sell holdings without DDPI.

How do I stop getting authorise-holdings emails?

Sign the DDPI (Demat Debit and Pledge Instruction). With DDPI active, Zerodha can debit the sold securities directly, the Authorise option no longer appears, and you can sell without entering the CDSL TPIN for each delivery sale.

What is the difference between CDSL TPIN authorisation and DDPI?

CDSL TPIN authorisation (e-DIS) is a per-day approval you give for each delivery sale when you have no standing instruction. DDPI is a one-time standing authorisation that lets the broker debit sold securities without you authorising each sale, replacing the older POA.

Reviewed and published by

WebNotes Editorial Team

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Last reviewed: 20 June 2026
Conflicts of interest: WebNotes is independent. No relationship with any broker, registrar or bank named in this article.