OAuth on WebNotes

How to fix mobile browser issue with Kite Connect login

Wed, 20 May 2026 00:00:00 +0000

If Kite Connect OAuth login fails on mobile browser:

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.

Step-by-step procedure

Five steps per the procedure infobox.

Kite Connect OAuth login flow

Wed, 20 May 2026 00:00:00 +0000

Kite Connect uses OAuth 2.0 for authentication. End-to-end flow:

1. App registration

Create app at kite.trade :

Set redirect URL.
Get api_key and api_secret.

2. User authorization

Redirect user to:

https://kite.zerodha.com/connect/login?v=3&api_key=<api_key>

User logs into Zerodha; on success, Zerodha redirects to your redirect_url with a request_token query parameter.

3. Exchange request token for access token

POST to /session/token with:

api_key
request_token
checksum (SHA-256 of api_key + request_token + api_secret)

Response includes access_token, valid for the trading day.

How to generate the request_token and access_token on Kite Connect

Tue, 12 May 2026 00:00:00 +0000

Every Kite Connect API session requires a fresh access_token that is valid for the current trading day. Generating an access_token involves a two-step OAuth-style flow: the user logs in through Zerodha’s browser-based consent screen to obtain a request_token, and the server then exchanges that request_token, along with a cryptographic checksum, for an access_token. This guide explains both steps using the official kiteconnect Python SDK .

How the token flow works

Kite Connect’s authentication is modelled on OAuth 2.0 with a custom checksum step. The flow has three actors: your application, the user’s browser, and Zerodha’s API server.