Authorization
Vendor authorization is done using the Login API. Vendor authorization is a must for any user of a particular vendor who wants to use Nuvama APIs. This API requires the Vendor Name and Vendor password, and the generated session is valid for 24 hours. All users calling Nuvama APIs through a particular vendor can use the same session. The user is required to pass the Vendor Name and Session (generated using this API) in the header of all Nuvama APIs.
A vendor can log out using the Logout API. After logout, no user under that vendor will be able to access any Nuvama APIs.
Vendor Login API
- Get in touch with us at APIsupport@nuvama.com, or sign up here, to get your Vendor/Partner API key, Password and AppID created. If you have already received the credentials, you do not need to sign up and create one.
- Use those details to login
This API is used to create a vendor session, which is valid for 24 hours from the time of generation. All users calling Nuvama APIs through a particular vendor can use the same session. The user is required to pass the Vendor Name and Session (generated using this API) in the header of all Nuvama APIs.
Key | Value |
---|---|
Method | POST |
URL | <baseURL> edelmw-login/login/accounts/loginvendor/{VendorName} |
Header | Key : Content-Type Value : application/json |
Source | Vendor Name |
Request Parameters:
Parameter | Data Type | Description | Is Mandatory? |
---|---|---|---|
pwd | string | Password for the given vendor | YES |
Response Parameters:
Parameter | Data Type | Description |
---|---|---|
msg | string | Session token generated for the given vendor. Valid for 24 hours from generation. All users under this vendor can use the same Session. Send this value in the header of all the APIs, with Key : SourceToken and Value : the msg value |
success | boolean | To indicate if validation & token generation was successful |
Sample Request
Request Method: POST
Request URL:
https://np.nuvamawealth.com/edelmw-login/login/accounts/loginvendor/TEST2
Headers:
Key | Value |
---|---|
Content-Type | application/json |
Request Body:
{
"pwd" : "qwerty#$%1"
}
Sample Responses
Success Response
Response Code: 200
Response Body:
{
"msg": "2120e1a36318d9016878eab72fea1135",
"success": true
}
Integrating With Nuvama API Connect B2B REST APIs
- Redirect the user to log in with their Nuvama credentials. Sample URL: https://nuvamawealth.com/login?ordsrc=apiventest&ordsrctkn=ef56c441afa3bc5641dc217f6472a1a5&state=test123
  a. ordsrc -> Vendor/Partner API key
  b. ordsrctkn -> vendor session token generated from the vendor login
  c. state -> optional field, this will be passed back to you on redirection
- On successful login, the client will be asked to accept a data sharing consent if they are logging in for the first time
- Once the client clicks on Accept, they will be redirected back to the redirect URL provided by you. Sample URL: https://xyz.com/?login_success=true&userid=80126245&state=test123&encrTkn=s+4xF+ilViU9emMt+8DY/GUcrewqqGnLu3eONHJkgs8o
  a. login_success -> success/fail
  b. userid -> client's Nuvama Trading account number
  c. state -> same as passed in request URL
  d. encrTkn -> encrypted Auth token for the Client
- Decrypt the encrTkn to get the Auth token
  a. The token is encoded using Base64: first decode it using Base64, then decrypt
  b. Decrypt using the AES algorithm, 256 bits, with the key
  c. The key is 32 characters long: the first 16 characters are your Password (API Security Key); the second 16 characters are the last 16 characters of the ordsrctkn (vendor session token generated from the vendor login)
     i. E.g., your password - 4cSfRu2fRZR99KCk
     ii. The token generated - a79d62877efca412313ee9cd898c94af
     iii. Then your decryption key - 4cSfRu2fRZR99KCk313ee9cd898c94af
  d. Cipher is - AES/CBC/PKCS5PADDING
  e. The sample Java code to decrypt the encrypted token is provided in the upcoming steps
  f. The Auth token will get invalidated after 8 hours of inactivity, or at 12:30 AM every day
  g. As long as the Client's session remains active, you will get the same Auth Token on re-login
- Use this Auth token for any of our Client REST APIs
- Along with the Auth token, please pass the AppID key, OrdSrc and OrdSrcTkn in the header; this is mandatory
- Sample Java code to decrypt the encrypted token - Online Compiler and Editor/IDE for Java, C/C++, PHP, Python, Perl, etc (jdoodle.com)
- Once you are satisfied with the UAT integration, make the changes below to point to production:
  a. Generate your prod API key, Password and AppID key by signing up here
  b. Set your production redirect URL on the partner portal while creating the app
  c. Sample Client login URL for production - https://www.nuvamawealth.com/login?ordsrc=CUGAPIVen2&ordsrctkn=faa945393f74075bc2e6e9a30ddef026
  d. Base URL for partner login - https://np.nuvamawealth.com/edelmw-login/login/
  e. Base URL for equity APIs - https://np.nuvamawealth.com/edelmw-eq/eq/
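The encrTkn decryption step described above (Base64 decode, then AES/CBC/PKCS5PADDING with the 32-character key), as an added Java example; it is not Nuvama's own sample code. The page does not state which IV is used, so the `iv` parameter and the all-zero IV in `main` are assumptions, as are the class name `EncrTknDecryptor` and the constructed plaintext; confirm the actual IV handling against Nuvama's sample before relying on it.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EncrTknDecryptor {

    // Key = 16-character password + last 16 characters of the vendor session token.
    static SecretKeySpec deriveKey(String password, String ordSrcTkn) {
        if (password.length() != 16 || ordSrcTkn.length() < 16) {
            throw new IllegalArgumentException("need a 16-char password and a session token of >= 16 chars");
        }
        String key = password + ordSrcTkn.substring(ordSrcTkn.length() - 16);
        return new SecretKeySpec(key.getBytes(StandardCharsets.US_ASCII), "AES"); // 32 bytes -> AES-256
    }

    // iv is an assumption: the page names the cipher mode but not the IV.
    static String decrypt(String encrTkn, String password, String ordSrcTkn, byte[] iv) throws Exception {
        // Form-style query parsing turns '+' into ' '; restore it before Base64 decoding.
        byte[] cipherText = Base64.getDecoder().decode(encrTkn.trim().replace(' ', '+'));
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(password, ordSrcTkn), new IvParameterSpec(iv));
        return new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String password = "4cSfRu2fRZR99KCk";                  // example password from the page
        String ordSrcTkn = "a79d62877efca412313ee9cd898c94af"; // example session token from the page
        byte[] iv = new byte[16];                              // constructed all-zero IV, demo only
        String authToken = "constructed-auth-token-0001";      // constructed plaintext, not a real token

        // Build a constructed encrTkn the way the page describes it: AES-CBC encrypt, then Base64.
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, deriveKey(password, ordSrcTkn), new IvParameterSpec(iv));
        String encrTkn = Base64.getEncoder()
                .encodeToString(enc.doFinal(authToken.getBytes(StandardCharsets.UTF_8)));

        // Simulate a query-string parser that replaced '+' with ' ' in the redirect URL.
        String asReceived = encrTkn.replace('+', ' ');
        String recovered = decrypt(asReceived, password, ordSrcTkn, iv);
        if (!recovered.equals(authToken)) throw new IllegalStateException("round trip failed");
        System.out.println("decrypted Auth token: " + recovered);
    }
}
```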
Failure Response
Response Code: 401
Response Body:
{
"config": {},
"error": {
"actCd": "52",
"errCd": "EGN0009",
"errMsg": "Login failed. Invalid Vendor Details"
},
"msgID": "56d460ed-d597-4828-89f3-23744560dcf9",
"srvTm": 1588760901467
}
Vendor Logout API
This API is used to log out a vendor. Any user who tries to use Nuvama APIs through this vendor after the vendor logout will get a Session Expired error.
Key | Value |
---|---|
Method | PUT |
URL | <baseURL> /edelmw-login/login/accounts/logoutvendor/{VendorName} |
Header | Key : Content-Type Value : application/json |
Source | Vendor Name |
SourceToken | value of msg received in Vendor Login API |
Request Body : Not Applicable
Response Parameters:
Parameter | Data Type | Description |
---|---|---|
msg | string | Success or failure message |
success | boolean | To indicate if logout was successful or not |
Sample Request
Request Method: PUT
Request URL:
https://np.nuvamawealth.com/edelmw-login/login/accounts/logoutvendor/TEST2
Headers:
Key | Value |
---|---|
Content-Type | application/json |
SourceToken | 7623a5e7dacdd6136119d01841f67644 |
Request Body: Not Applicable
Sample Responses
Success Response
Response Code: 200
Response Body:
{
"msg": "Vendor logged out successfully",
"success": true
}
Failure Response
Response code: 401
Response Body:
{
"config": {},
"error": {
"actCd": "52",
"errCd": "ETRD0001",
"errMsg": "Invalid Source Token. Session Expired"
},
"msgID": "6af38ee6-9cc5-409e-8edd-94318603c289",
"srvTm": 1588761263201
}