LOGIN API

This Api is used to authenticate users by validating their login credentials. Upon successful authentication, the API returns the following in the response :

• access_token : This token must be includedin the Authorization header of all subsequnt API request to authorize the users session.
• broadcase_access_token :This token is required to establish a connection with the feed endpoint, accessile via the broadCastSocket URL provided in the response. Please refer to the Price Feed API for detailed usage instructions.

Additionally, the response includes essential information for trading, such as: 

• The list of exchanges allowed for the user.
• Supported Product type.
• Other key trading-related parameters.

This API is prerequisite for accessing all authenticated endpoints in the system.

🗝️Login Types and Second-Factor Authentication

login_type	Password Field	second_auth-type	second_auth_value
PASSWORD	Password	REGISTER	Not required
TOKEN	register_token	OTP/TOTP/FINGERPRINT	OTP Value/TOTP Value/Registered UDID
PASSWORD	Password	OTP/TOTP/FINGERPRINT	OTP Value/TOTP Value/Registered UDID
MPIN	MPIN Registered	OTP/TOTP/FINGERPRINT	OTP Value/TOTP Value/Registered UDID
TP_TOKEN	SSO token	Not Required	Not Required

📝Authentication Flow Notes

• To retrieve the second-factor authentication methods available for a user, user REGISTER in the second_auth_type field.
• This will validate the provided password and return a register_token.
• The returned register_token can then be used in a subsequent login attempt with login_type set to TOKEN, along with the appropriate second-factor credentials.

🔑Header Parameters

Header	Type	Description	Example
Content-Type	string	Specifies the media type of the request payload	application/json
x-api-key	string	API key used to authorize the request	x-api-key

📑Request Body Parameters

Field	Type	Required	Descrpiton	Example/Enum
user_id	string	Yes	User ID (UCC) Provided to the user	"UCC123456"
login_type	string	Optional	Specifies the login method. Determines which vlaue is passed in the password field. Use TP_TOKEN when authentication is handled externally 9eg., via a Super APP)	Default: "PASSWORD" Enum : PASSWORD, MPIN, FINGERPRINT, TP_TOKEN
password	string	Yes	Password, MPIN, UDID or SSO Token depnding on the login_type selected.	"mypassword123"
second_auth_tpe	string	Optional	Type of secondary authentication selected by the user.User REGISTER on first login to register a second-factor method.	Enum : OTP, TOTP, FINGERPRINT, REGISTER
second_auth	string	Optional	The credential value for the selected secondary authentication type (e.g., OTP, TOTP,UDID)	"123456"/"MyDeviceID"
api_key	string	Yes	API Key providedby Synapsewavefor authenticating the client application	"xyz-api-key"
source	string	Yes	Indicates the platfrom from which the user is logging in	Enum : WEBAPI, MOBILEAPI
UDID	String	Optional	Unique Device ID of the user's device.	"device-12345-udid"
version	string	Optional	version number fo the Android application	"2.1.0"
iosversion	string	Optional	Version number of the iOS application	"3.0.5"
build_version	string	Optional	Internal build version of the application	"build-45"
deviceinfo	object	Optional	Additional information about the user's device (e.g., OS, model, etc)	{"os" : "Android", "model" : "Pixel 6"}

📘DeviceInfo Object Fields

Field	Type	Description	Example/ENUM
UDID	string	The unique identifier for the device.	"123e4567-e89b-a456-426614174000"
DeviceModel	string	The model of the device from which the user has logged in.	"iPhone 12"
DeviceSerialNo	string	The serial number of the device used for log in.	SN1234567890
DeviceManufacturer	string	The manufacturer of the device used for login.	Apple
DevicePlatform	string	The platform of the device used for login	Web
DevicePlatformVer	string	The version of the platform (OS) on the device used for login.	14.4
Longitude	string	The longitude coordinate of the device's location when logging in.	77.5946
Latitude	string	The latitude coordinate of the device's location when logging in.	"12.9716"
AppName	string	The name of the application being used for login.	Wave 3.0
AppVersion	string	The version of the application used for login.	"1.2.3"
AppVersionCode	string	The version code of the application used for login.	"200000"
AppPackageName	string	The package name of the application used for login (Android only).	com.example.myapp
FCMRegKey	string	The Firebase Cloud Messaging (FCM) registration key for push notifications	"172.25.90.82:8100
IP	string	IP Address of the device used for login	"192.168.1.1"
SDKVersion	string	The version of the software development kit (SDK) used for the application.	"30"

🟢Success Response - 200 Ok

Content-Type: application/json

Filed	Type	Description	Exmple
status	string	Indicates the result of the API call	"success"
code	string	Response code corresponding to the request	"s-101"
message	string	Descriptive message for the response	"User logged in Successfully."
data	object	Contains the user login response payload, including token and user-specific trading information	See below table

📑 Data object fields

Fields	Type	Description	Example / Enum
access_token	string	The authentication token to be used with subsequent requests	eyJhbGci..
user_name	string	User's display name	API TEST
login_time	string	User's last login time (ISO 8601 recommended)	2023-Sep-20 14:15:02
exchanges	string[]	Exchanges allowed to the user	["NSE_EQ","NSE_FO",..]
bcastExchanges	string[]	Exchanges allowed to user for market feed data	["NSE_EQ","NSE_FO","BSE_EQ"....]
product_types	string[]	Product types allowed to user across all exchanges	["INTRADAY","DELIVERY","COVER","BRACKET","MTF","BTST"]
product_types_exchange	object	Product types allowed to user, keyed by exchange	{ "NSE_FO": ["INTRADAY","DELIVERY","COVER","BRACKET"], ... }
mpin_enabled	boolean	Flag indicating if user has registered MPIN	true
fingerprint_enabled	boolean	Flag indicating if user has registered fingerprint	false
user_id	string	User Id (UCC) provided to the user	APITEST
others	object	Additional user details (see below)	See below table

📑 Others object fields

Fields	Type	Description	Example / Enum
userCode	string	Internal user code	NWSYF
groupId	string	Group identifier the user belongs to	HO
groupCode	string	Group code	AAAAA
newsCategories	string	News categories available to the user	"25051,25039,25038,25048,25028,25000..."
messageSocket	string	Endpoint of socket.io server for receiving interactive messages	wss://socketio-uat.odinwave.com:8443
broadCastSocket	string	Endpoint of web socket server for receiving market feed data	wss://odindemo.synapsewave.com:4510
secondBroadCastSocket	string[]	Other market feed server endpoints	["ws://Odindemo.synapsewave.com:4509"]
POA	string	POA status of user. Enum: "0" = POA user, "2" = Non POA user	"0"
nGTDDefault	integer	Default GTD (Good Till Date) days set	2
nGTDMaxDays	integer	Maximum days allowed for GTD	365
sGTDConfigDetails	string	GTD configuration details (serialized or human readable)	`"2
ocToken	string	OC (order control / other) token	0x01C1DBD524FBF3C904A6BCF65D29DC
managerIP	string	Manager IP address (if applicable)	Odindemo.synapsewave.com
tslAllowed	string[]	TSL (trailing stop loss) allowed settings	["NSE_EQ","NSE_FO","BSE_EQ"...]
edisForMTF	boolean	EDIS (Electronic DIS) availability for MTF (Margin Trading Facility)	false
showJumpPriceBothLtpAndTriggerPrice	boolean	Flag to show jump price for both LTP and trigger price	false
CFT	string	CFT field (context-specific)	HEATMAP1
bAMOAllowedForUser	boolean	Whether AMO (After Market Order) is allowed for the user	true

post/authentication/v1/user/session