“For Authorized Personnel Only.” Everyone must have heard or seen these words at various offices where some rooms are accessible to few people only from the office staff. Who are these authorized personnel? What makes them authorized? What does authorization mean? To answer all these questions, let’s start with an example.
You are working at a bank as an executive. The bank has a locker room locked with certain passcode. Only the bank manager and the cashier know the passcode. With your bank ID, you can enter the premises of the bank with your ID. But you won’t be able to enter the locker room using your ID card.
From the above example, the bank executive has access to the office premises, but not the locker room. While the bank manager and the cashier can access the bank premises as well as the locker room. So, technically speaking, the ID card for bank executive authorize him to access the bank premises, but not the locker room and the ID card for bank manager and cashier authorize him to access the bank premises as well as the locker room.
APIs also use similar authorization through API keys. Every user has been provided with keys through which they can access the APIs. With the right set of keys, users can send requests through APIs and fetch the required data. Within the context of Open APIs, IIFL Securities provide a set of API keys for users. These keys include following parameters.
With the help of the above keys, users are authorized to access the APIs and fetch data through them. Any wrong combination of such keys won’t provide the data to the user through the APIs and requests will show an error. Keeping such set of keys enhances the security of your account and provides a strong cyber security layer. IIFL Securities customers who have generated these set of keys can access the functionalities of their account through Open APIs.
Another authorization is maintained for partners like Smallcase, Sensibull, Wealthdesk, Quicko, etc. who provides value added products to IIFL Securities customers. Whenever a customer logs in to the platform of a partner for the very first time, they are asked for a consent to allow the partner to fetch the account data through APIs. Partners can use the APIs for only those customers who have provided consent during first time login.
How can I generate the API Keys?
IIFL Securities customers can generate the API keys by following simple steps as mentioned below:
Partners can mail their sales deck and few information including partner name, email address and contact number to firstname.lastname@example.org. IIFL Securities Open API team will reach out to you and generate your API keys.