Error code: AG8001 after providing clientcode, password and totp


  • As per below doc I have provided clientcode(angle one id), password(my account PIN) and totp(which is freshly generated) in my User Request however I am getting Invalid Token 'AG8001' error code.

    https://smartapi.angelbroking.com/docs/User

    My Angle one code is D60469252

    Please check this for me.


  • hello,
    i have the same issue,
    code use working 4 days ago,
    i generated the token again and used that to call historical api, but that gave the invalid token error

    load_dotenv()
    conn = http.client.HTTPSConnection(
        "apiconnect.angelbroking.com"
        )
    conn = http.client.HTTPSConnection("apiconnect.angelbroking.com")
    current_time = str(get_current_time())
    payload={
      "exchange": "NSE",
      "symboltoken": "6071",
      "interval": "ONE_MINUTE",
      "fromdate": "2024-02-08 09:00",
      "todate": "2024-02-11 09:00"
    }
    headers = {
      'X-PrivateKey': os.getenv('API_KEY'),
      'Accept': 'application/json',
      'X-SourceID': 'WEB',
      'X-ClientLocalIP': os.getenv('CLIENT_LOCAL_IP'),
      'X-ClientPublicIP': os.getenv('CLIENT_PUBLIC_IP'),
      'X-MACAddress': os.getenv('MAC_ADDRESS'),
      'X-UserType': 'USER',
      'Authorization': os.getenv('JWT_TOKEN'),
      'Accept': 'application/json',
      'X-SourceID': 'WEB',
      'Content-Type': 'application/json'
    }
    conn.request("POST", "/rest/secure/angelbroking/historical/v1/getCandleData", json.dumps(payload), headers)
    res = conn.getresponse()
    data = res.read().decode("utf-8")
    

    the below code is used to refresh jwt token

    obj=SmartConnect(api_key="something")
    data = obj.generateSession(data_from_db[0],data_from_db[1],generate_totp())
    refreshToken= data['data']['refreshToken']
    jwtToken = data['data']['jwtToken']
    

    here generate_otp() give the returns topt using pytop function.


  • Hi @datlaram

    "Invalid Token" occurs when a request is initiated with an expired or unauthorized token on any SmartAPI. We expect the client to log in every day to consume the provided APIs.
    Please pass the recently fetched token via the API, and share the API request and headers used so we can analyze further if the issue still occurs.

    Note: Validity for token is 24 hours.

    Regards,
    SmartAPI Team


  • Yes, I am still facing the same issue. Below are API details.

    POST /rest/auth/angelbroking/user/v1/loginByPassword HTTP/1.1
    User-Agent: PostmanRuntime/7.39.0
    Accept: /
    Cache-Control: no-cache
    Postman-Token: d5ca3811-f4ec-4168-af6a-da1833b17567
    Host: apiconnect.angelbroking.com
    Accept-Encoding: gzip, deflate, br
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 66
    Cookie: TS015f9101=0167ca9f9bdb9a59313c1be62aef80d23e861b5b2d179571b6f125bdca121d2fc0fb9403beebd59c0019523b4dbc9117197b90e0d7

    clientcode=D60469252&password=4887&totp=TQORVXJ2JW3KEFBMEVONJPQFUY

    HTTP/1.1 200 OK
    Date: Sun, 07 Jul 2024 13:27:11 GMT
    Content-Type: application/json;charset=UTF-8
    Content-Length: 74
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
    Access-Control-Max-Age: 3600
    Access-Control-Allow-Headers: Content-type,X-Requested-With,Origin,accept,Authorization,X-SourceID,X-ClientLocalIP,X-ClientPublicIP,X-MACaddress,X-PrivateKey,X-UserType,Access-Control-Allow-Origin
    Strict-Transport-Security: max-age=31536000
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: strict-origin
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.angelbroking.com;

    {"success":false,"message":"Invalid Token","errorCode":"AG8001","data":""}


  • Hi @datlaram still you facing the "Invalid Token" issue. If "YES" kindly provide the latest details to check from our side.


  • can i have an update on this issue?


  • I have got the latest totp and PIN and made my request. Below is full API request and response with headers.

    POST https://apiconnect.angelbroking.com/rest/auth/angelbroking/user/v1/loginByPassword:
    "Request Headers": {
    "user-agent": "PostmanRuntime/7.39.0",
    "accept": "/",
    "cache-control": "no-cache",
    "postman-token": "10a4af1e-bb1b-4e8e-a76d-1eb17cd32c5d",
    "host": "apiconnect.angelbroking.com",
    "accept-encoding": "gzip, deflate, br",
    "connection": "keep-alive",
    "content-type": "application/x-www-form-urlencoded",
    "content-length": "66",
    "cookie": "TS015f9101=0167ca9f9bb4819f5a698f0c8582948d65cbb6ae2979090ad94a2adb7eb099c9ea034c79a6ffd0b26d4ca2eaa2b903de47677cc521"
    },
    "Request Body": {
    "clientcode": "D60469252",
    "password": "4887",
    "totp": "TQORVXJ2JW3KEFBMEVONJPQFUY"
    },
    "Response Headers": {
    "date": "Sat, 29 Jun 2024 08:10:48 GMT",
    "content-type": "application/json;charset=UTF-8",
    "content-length": "74",
    "connection": "keep-alive",
    "access-control-allow-origin": "",
    "access-control-allow-methods": "POST, GET, OPTIONS, DELETE",
    "access-control-max-age": "3600",
    "access-control-allow-headers": "Content-type,X-Requested-With,Origin,accept,Authorization,X-SourceID,X-ClientLocalIP,X-ClientPublicIP,X-MACaddress,X-PrivateKey,X-UserType,Access-Control-Allow-Origin",
    "strict-transport-security": "max-age=31536000",
    "x-frame-options": "SAMEORIGIN",
    "referrer-policy": "strict-origin",
    "x-content-type-options": "nosniff",
    "content-security-policy": "frame-ancestors 'self' https://
    .angelbroking.com;",
    "set-cookie": "TS015f9101=0167ca9f9bf45db5c7f744f40aac62c1d84616788d376dae0951e4e0316e9260465692903b6bee58bba10d86268b67fe2b16e03d7a; Path=/; Domain=.apiconnect.angelbroking.com;"
    },
    "Response Body": "{"success":false,"message":"Invalid Token","errorCode":"AG8001","data":""}"
    }


  • Hello @datlaram

    "Invalid Token" occurs while request initiated with expired/unauthorized token on any smartAPI. We expect the client to login everyday to consume the provided APIs. Kindly pass the recently fetched token via API and Please share us the API request, and header passed to analyze further if the issue still occurs.

    Regards,
    SmartAPI Team