Groww LogoGroww API

Introduction

Welcome to the Groww Trading API! Our APIs enable you to build and automate trading strategies with seamless access to real-time market data, order placement, portfolio management, and more. Whether you're an experienced algo trader or just starting with automation, Groww's API is designed to be simple, powerful, and developer-friendly.

This documentation focuses on using cURL to interact with the Groww Trading APIs. It provides step-by-step instructions, examples, and best practices for making API requests, handling responses, and integrating Groww's trading functionalities into your applications. Whether you're placing orders, fetching market data, or managing your portfolio, this guide will help you leverage cURL effectively for seamless API integration.

Getting Started

Step 1: Prerequisites

Trading on Groww using Groww APIs requires:

  • A Groww account.
  • Basic knowledge of REST APIs.
  • Having an active Trading API Subscription. You can purchase a subscription from this page.

Step 2: Authentication

There are two ways you can interact with GrowwAPI:

1st Approach: Access Token

(Expires daily at 6:00 AM)

To generate an API access token:

  • Log in to your Groww account.
  • Click on the profile section at the Right-top of your screen.
  • Click on the setting icon in the menu.
  • In the navigation list, select ‘Trading APIs’
  • Click on ‘Generate API keys’ and select ‘Access Token’
  • You can create, revoke and manage all your tokens from this page.
# You can also use wget
curl -X GET https://api.groww.in/v1/order/detail/{groww_order_id}?segment=CASH \
  -H 'Accept: application/json' \
  -H 'Authorization: YOUR_GENERATED_ACCESS_TOKEN' \
  -H 'X-API-VERSION: 1.0'

You can create, revoke and manage all your tokens from this page.

2nd Approach: API Key and Secret Flow

(Uses API Key and Secret — Requires daily approval on Groww Execute Api Keys Page)

  • Go to the Groww Execute API Keys Page.
  • Log in to your Groww account.
  • Click on ‘Generate API key’.
  • Enter the name for the key and click Continue.
  • Copy API Key and Secret. You can manage all your keys from the same page

To generate access token using GrowwApi python sdk please check this page. Else you can use the below curl command to generate access token.

curl -X POST "https://api.groww.in/v1/token/api/access" \
  -H "Authorization: <USER_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "key_type": "approval",
    "checksum": "<Checksum>",
    "timestamp": "1719830400"
  }'

This api requires a checksum and latest timestamp in epoch seconds in request body. Please check How to generate checksum to generate the checksum using your secret.

Request Headers

HeaderTypeDescriptionRequired
AuthorizationStringUser API KeyYes

Request Body

{
  "key_type": "approval",
  "checksum": "abcdef1234567890",
  "timestamp": "1719830400"
}
ParameterTypeDescriptionRequired
key_typeString"approval"Yes
checksumStringHMAC or checksum signatureYes
timestampStringEpoch seconds (10 digits)Yes

Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "tokenRefId": "ref-123",
  "sessionName": "my-session",
  "expiry": "2024-07-01T12:34:56",
  "isActive": true
}
ParameterTypeDescription
tokenStringThe generated access token
tokenRefIdStringReference ID for the token
sessionNameStringName of the session
expiryStringExpiry date-time (ISO format)
isActiveBooleanToken status

3rd Approach: TOTP Flow

(Uses API Key and Totp code — Requires daily approval on Groww Execute Api keys page) To generate token using Groww Python SDK, check out this page. Else use this curl command to generate access token.

curl -X POST "https://api.groww.in/v1/token/api/access" \
  -H "Authorization: <USER_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "key_type": "totp",
    "totp": "<TOTP_CODE>"
  }'

Request Headers

HeaderTypeRequiredDescription
AuthorizationStringYesUser API Key

Request Body

{
  "key_type": "totp",
  "totp": "123456"
}
ParameterTypeDescriptionRequired
key_typeString"totp"Yes
totpStringTOTP code generated by the user using a third-party authenticator appYes

API Request and Response structure

Headers

All requests must have following headers. Providing the generated access token in the Authorization header .

Header NameHeader Value
AuthorizationBearer {ACCESS_TOKEN}
Acceptapplication/json
X-API-VERSION1.0

Request structure

GET Requests: Send the required parameters as query parameters in the request. For example,

# You can also use wget
curl -X GET https://api.groww.in/v1/order/detail/{groww_order_id}?segment=CASH \
  -H 'Accept: application/json' \
  -H 'Authorization: ACCESS_TOKEN' \
  -H 'X-API-VERSION: 1.0'
{
  "status": "SUCCESS",
  "payload": {
    "groww_order_id": "GMK39038RDT490CCVRO",
    "trading_symbol": "RELIANCE-EQ",
    "order_status": "OPEN",
    "remark": "Order placed successfully",
    "quantity": 100,
    "price": 2500,
    "trigger_price": 2450,
    "filled_quantity": 100,
    "remaining_quantity": 10,
    "average_fill_price": 2500,
    "deliverable_quantity": 10,
    "amo_status": "PENDING",
    "validity": "DAY",
    "exchange": "NSE",
    "order_type": "MARKET",
    "transaction_type": "BUY",
    "segment": "CASH",
    "product": "CNC",
    "created_at": "2023-10-01T10:15:30",
    "exchange_time": "2023-10-01T10:15:30",
    "trade_date": "2019-08-24T14:15:22Z",
    "order_reference_id": "Ab-654321234-1628190"
  }
}

POST Requests: Parameters are sent in the request body as JSON. For example,

    curl -X POST https://api.groww.in/v1/order/create \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -H 'Authorization: Bearer {ACCESS_TOKEN}' \
      -H 'X-API-VERSION: 1.0' \
      -d '{
        "validity": "DAY",
        "exchange": "NSE",
        "transaction_type": "BUY",
        "order_type": "MARKET",
        "price": 0,
        "product": "CNC",
        "quantity": 1,
        "segment": "CASH",
        "trading_symbol": "IDEA"
    }'

Responses from the API are always JSON.

Successful Request (HTTP 200 OK)

When a request is successfully processed, the API returns a JSON object with a status field set to SUCCESS. The payload field contains the requested data.

{
    "status": "SUCCESS",
    "payload": {
        "symbolIsin": "INE002A01018",
        "productWisePositions": {}
    }
}

Failed Request (HTTP 40x or 50x)

If a request fails, the API returns a JSON object with a status field set to FAILURE. The error field contains details about the failure.

{
    "status": "FAILURE",
    "error": {
        "code": "GA001",
        "message": "Invalid trading symbol.",
        "metadata": null
    }
}

Error Codes

CodeMessage
GA000Internal error occurred
GA001Bad request
GA003Unable to serve request currently
GA004Requested entity does not exist
GA005User not authorised to perform this operation
GA006Cannot process this request
GA007Duplicate order reference id

Rate Limits

The rate limits are applied at the type level, not on individual APIs. This means that all APIs grouped under a type (e.g., Orders, Live Data, Non Trading) share the same limit. If the limit for one API within a type is exhausted, all other APIs in that type will also be rate-limited until the limit window resets.

TypeRequestsLimit (Per second)Limit (Per minute)
OrdersCreate, Modify and Cancel Order15250
Live DataMarket Quote, LTP, OHLC10300
Non TradingOrder Status, Order list, Trade list, Positions, Holdings, Margin20500

How to Generate a Checksum

Checksum should be a SHA256 hash of api secret and and latest timestamp in epoch second concatenated together.

Following code snippets can be used to generate checksum, provided in multiple languages.

Python

import hashlib
import time
 
def generate_checksum(secret: str, timestamp :str) -> str:
    """
    Generates a SHA-256 checksum for the given data and salt.
    :param secret: The api secret value
    :return: Hexadecimal SHA-256 checksum
    """
    input_str = secret + timestamp
    sha256 = hashlib.sha256()
    sha256.update(input_str.encode('utf-8'))
    return sha256.hexdigest()  
 
timestamp = int(time.time()) # Timestamp in epoch seconds
secret = "<Your secret here>"
checksum = generate_checksum(secret, str(timestamp))
print(checksum)

Java

 
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.nio.charset.StandardCharsets;
import java.util.HexFormat;
import java.time.Instant;
 
public class ChecksumGenerator {
 
  private static final String SHA_256 = "SHA-256";
 
  public static void main(String[] args){
    System.out.println(generateChecksum("<your secret here>", getLatestTimestampinEpochSeconds()));
  }
 
  /**
   * Generates a SHA-256 checksum for the given input string.
   */
  public static String generateChecksum(String secret, String timestamp) {
    try {
      String input = secret + timestamp;
      MessageDigest digest = MessageDigest.getInstance(SHA_256);
      byte[] hash = digest.digest(input.getBytes(StandardCharsets.UTF_8));
      return HexFormat.of().formatHex(hash);
    } catch (NoSuchAlgorithmException e) {
      throw new RuntimeException("SHA-256 algorithm not found", e);
    }
  }
 
  /**
   * Return the latest time in epoch Seconds in String
   */
  public static String getLatestTimestampinEpochSeconds(){
    return String.format("%d", Instant.now().getEpochSecond());
  }
}

.NET

using System.Security.Cryptography;
using System.Text;
 
public class ChecksumGenerator
{
    public static void Main(string[] args)
    {
        Console.WriteLine(GenerateChecksum("<your secret here>", GetLatestTimestampInEpochSeconds()));
    }
 
    /// <summary>Generates a SHA-256 checksum for the given input string.</summary>
    public static string GenerateChecksum(string secret, string timestamp)
    {
        string input = secret + timestamp;
        byte[] inputBytes = Encoding.UTF8.GetBytes(input);
        byte[] hashBytes = SHA256.HashData(inputBytes);
        return Convert.ToHexString(hashBytes).ToLowerInvariant();
    }
 
    /// <summary>Returns the current UTC time in epoch seconds as a string.</summary>
    public static string GetLatestTimestampInEpochSeconds()
    {
        return DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();
    }
}

JavaScript

const crypto = require('crypto');
 
// Generates a SHA-256 checksum for the given input string.
function generateChecksum(secret, timestamp) {
  try {
    const input = secret + timestamp;
    console.info(timestamp)
    const hash = crypto.createHash('sha256');
    hash.update(input);
    return hash.digest('hex');
  } catch (error) {
    console.error("Checksum generation failed:", error);
    throw new Error("Failed to generate SHA-256 checksum.");
  }
}
 
// Returns the current time in epoch seconds as a string.
function getLatestTimestampinEpochSeconds() {
  return Math.floor(Date.now() / 1000).toString();
}
 
// Main execution block
function main() {
  const secret = "<your secret here>";
  const timestamp = getLatestTimestampinEpochSeconds();
  const checksum = generateChecksum(secret, timestamp);
    console.log(checksum);
}
 
// Run the main function.
main();
Parameters:
  • secret: The api secret obtained from website

  • timestamp: The latest timestamp value in epoch second. Valid for 10 minutes. Provide the same value in request.


Note

Use the correct type in the request body to select the authentication mode. "approval" for api key and secret, "totp" for api key and totp

All headers are mandatory.


On this page