Title:** SmartAPI order placement – AG8001 Invalid Token even with fresh login (Client M173002)
Hi Team,
I am facing a consistent AG8001 - Invalid Token error on the order placement API for my account M173002, even when using a freshly generated jwtToken from generateSession.
- Login works fine (Python SDK)
I am using the official smartapi-python SDK:
from SmartApi.smartConnect import SmartConnect
import pyotp, json
API_KEY = "hbeV0h3A" # for M173002
CLIENT_CODE = "M173002"
PASSWORD = "<hidden>"
TOTP_SECRET = "<hidden>"
obj = SmartConnect(api_key=API_KEY)
totp = pyotp.TOTP(TOTP_SECRET).now()
data = obj.generateSession(CLIENT_CODE, PASSWORD, totp)
print("Login response:", json.dumps(data, indent=2))
This returns:
{
"status": true,
"message": "SUCCESS",
"data": {
"clientcode": "M173002",
"jwtToken": "Bearer eyJhbGciOiJIUzUxMiJ9....uiswy9BT8U...",
"refreshToken": "...",
"feedToken": "...",
"exchanges": ["nse_fo","nse_cm","cde_fo","ncx_fo","bse_fo","bse_cm","mcx_fo"],
"products": ["MARGIN","MIS","NRML","CNC","CO","BO"]
}
}
So authentication, exchanges, and products are all fine and I receive a valid jwtToken.
2) Immediate order placement via raw HTTP (no delay)
Right after login, I call the order endpoint using the same API key and the same jwtToken:
import requests, json
url = "https://apiconnect.angelone.in/rest/secure/angelbroking/order/v1/placeOrder"
headers = {
"X-API-Key": "hbeV0h3A", # same as used in SmartConnect
"Authorization": "Bearer eyJhbGciOiJIUzUxMiJ9....uiswy9BT8U...",
"X-ClientLocalIP": "127.0.0.1",
"X-ClientPublicIP": "127.0.0.1",
"X-MACAddress": "00:00:00:00:00:00",
"X-UserType": "USER",
"X-SourceID": "WEB",
"Accept": "application/json",
"Content-Type": "application/json"
}
payload = {
"variety": "NORMAL",
"tradingsymbol": "NIFTY24MAR2625700PE",
"symboltoken": "62792",
"transactiontype": "BUY",
"exchange": "NFO",
"ordertype": "MARKET",
"producttype": "NRML",
"duration": "DAY",
"price": "0",
"triggerprice": "0",
"quantity": "1"
}
resp = requests.post(url, headers=headers, json=payload)
print("Status code:", resp.status_code)
print("Raw body repr:", repr(resp.text))
Actual response:
Status code: 200
Raw body repr: '{"success":false,"message":"Invalid Token","errorCode":"AG8001","data":""}'
JSON body: {'success': False, 'message': 'Invalid Token', 'errorCode': 'AG8001', 'data': ''}
Important notes:
X-API-Keyin login and in order request is exactly the same:hbeV0h3A.Authorizationheader uses the fresh jwtToken returned bygenerateSession(no manual editing except removing the “Bearer ” when needed).- The order request is sent immediately after login in the same session, so token expiry is not the issue.
- IP headers (
X-ClientLocalIP,X-ClientPublicIP) and other mandatory headers are present.
Still, the order endpoint always returns AG8001 - Invalid Token.
3) What I suspect
- The auth service is issuing a jwtToken/refreshToken correctly (
SUCCESSresponse). - But the order microservice is rejecting the same token with
AG8001. - This looks like a backend token validation / mapping issue between the auth service and the order service for my API key.
4) Request
Please check the SmartAPI backend configuration for:
- Client Code:
M173002 - API Key:
hbeV0h3A
Specifically:
- Verify that tokens issued by
generateSessionfor this API key are accepted by theorder/v1/placeOrderservice. - Confirm if there are any additional requirements (IP whitelisting, device binding, etc.) beyond the headers shown above.
- Fix the AG8001 behaviour or let me know if anything needs to be changed on my side.
Thanks in advance.