Login Flow - REST API

1. Get you api_key and secret_key from Quantsapp
2. Create signature based on the secret_key
3. Call the API with the api_key and the signature created on Step 2

Warning

Don't expose your api_key or secret_key you obtain from Quantsapp to the public. Anyone has access to this keys can able to manage orders on-behalf of you

Base Endpoint

https://login.quantsapp.com/api_login

Headers

Name	Value
X-QAPP-Portal	api

Request Params

Name	Description	Default	Allowed Values
mode str	Mode to login	required	api_login
api_version str	Login version	required	1
login_data dict	Login data	required	dict
login_data.api_key str	Api Key	required	str
login_data.signature str	Signature	required	str

Sample Payload

JSON

{
    "mode": "api_login",
    "api_version": "1",
    "login_data": {
        "api_key": "B1ntapbITjy2851_fSSIsR",
        "signature": "73ad552678e2d8347f8080408411c9228851b46e41836a03bf7a4072c3dcfab46a77eb443d2a54b7600f7662b25bfeb70eb9171510f5703331d35f8270345565"
    }
}

Response

Name	Description	Allowed Values
status str	Status code	-1 | 0 | 1
msg str	Message	Success | Failure Message
jwt_token str	Login token to be used for further Authentication	Only on success

successfailure

Sample Response

JSON

{
    "status": "1",
    "msg": "success",
    "jwt_token": "eyJhbGc.yZGVyLXVwZGF...0ZXMifX0.k4W6otJTehvwUs1Q"
}

Sample Response

JSON

{
    "status": "-1" | "0",
    "msg": "Failed",
}

Signature for Login Authentication

1. Encode the api_key and secret_key with utf-8 encoding

2. Create Indian Current Date (1) and encode it with utf-8 encoding

   1. Format:- DD-MMM-YY

      Sample:- 10-Jun-25

3. Create a HMAC signature with encoded api_key as message and secret_key as the key with the sha512 as digest mod (1)

   1. Key = secret_key (encoded)

      Msg = api_key (encoded)

      digestmod = sha512

4. Create a 2nd level HMAC signature with encoded current_date from Step 2 as message and binary_output from Step 3 as the key with the sha512 as digest mod (1)

   1. Key = binary_output (Resultant of Step 3)

      Msg = current_date (Resultant of Step 2)

      digestmod = sha512

5. Decode the final bytes from resultant of Step 4 which will results in the signature to login

PythonJavaScript

Sample Signature Creation

import hmac
import hashlib
import datetime as dt

# Replace with your actual API key and signature
API_KEY = "<YOUR_API_KEY>"
SECRET_KEY = "<YOUR_SECRET_KEY>"


def get_signature(api_key: str, secret_key: str) -> str:
    """
        Generate a signature for the given API key and secret key
        The signature is generated using HMAC with SHA-512 hashing
        and the current date in IST timezone.
    """

    encoded_api_key = api_key.encode('utf-8')
    encoded_secret_key = secret_key.encode('utf-8')
    encoded_current_date = dt.datetime.now(
        tz=dt.timezone(
            offset=dt.timedelta(
                hours=5,
                minutes=30,
            ),
            name='IST',
        ),
    ).strftime(format='%d-%b-%y').encode('utf-8')

    # 1st level of signature creation
    new_key = hmac.new(
        msg=encoded_api_key,
        key=encoded_secret_key,
        digestmod=hashlib.sha512,
    ).digest()  # This gives a Buffer (binary data)

    # Final level of signature creation
    return hmac.new(
        msg=encoded_current_date,
        key=new_key,  # Use the binary output of the first HMAC as the key
        digestmod=hashlib.sha512,
    ).hexdigest()  # Return the hexadecimal string representation

print(get_signature(API_KEY, SECRET_KEY))
# 73ad552678e2d8347f8080408411c9228851b46e41836a03bf7a4072c3dcfab46a77eb443d2a54b7600f7662b25bfeb70eb9171510f5703331d35f8270345565

Sample Signature Creation

const crypto = require('crypto');
const moment = require('moment-timezone'); // You'll need to install this: npm install moment-timezone

// Replace with your actual API key and secret key
const API_KEY = "<YOUR_API_KEY>";
const SECRET_KEY = "<YOUR_SECRET_KEY>";

function getSignature(apiKey, secretKey) {
    /**
     * Generate a signature for the given API key and secret key.
     * The signature is generated using HMAC with SHA-512 hashing
     * and the current date in IST timezone.
     */

    const encodedApiKey = Buffer.from(apiKey, 'utf8');
    const encodedSecretKey = Buffer.from(secretKey, 'utf8');

    // Get current date in IST timezone, formatted as 'DD-Mon-YY'
    // Ensure moment-timezone is configured correctly or provides the 'IST' timezone
    const encodedCurrentDate = Buffer.from(moment().tz("Asia/Kolkata").format('DD-MMM-YY'), 'utf8');

    // 1st level of signature
    const hmac1 = crypto.createHmac('sha512', encodedSecretKey);
    hmac1.update(encodedApiKey);
    const newKey = hmac1.digest(); // This gives a Buffer (binary data)

    // 2nd level of signature
    const hmac2 = crypto.createHmac('sha512', newKey); // Use the binary output of the first HMAC as the key
    hmac2.update(encodedCurrentDate);
    return hmac2.digest('hex'); // Return the hexadecimal string representation
}

console.log(getSignature(API_KEY, SECRET_KEY));
// 73ad552678e2d8347f8080408411c9228851b46e41836a03bf7a4072c3dcfab46a77eb443d2a54b7600f7662b25bfeb70eb9171510f5703331d35f8270345565

Example

cURLPythonJavaScript

Bash

curl https://login.quantsapp.com/api_login \
    --request "POST" \
    --header 'Content-Type: application/json' \
    --header 'X-QAPP-Portal: api' \
    --data '{
        "mode":"api_login",
        "api_version": "1",
        "login_data": {
            "api_key":"<YOUR_API_KEY>",
            "signature":"<YOUR_SIGNATURE>"
        }
    }'

Python

import json
import requests # (1)!

# Replace with your actual API key and signature
API_KEY = "<YOUR_API_KEY>"
SIGNATURE = "<YOUR_SIGNATURE>"

url = 'https://login.quantsapp.com/api_login'

headers = {
    'Content-Type': 'application/json',
    'X-QAPP-Portal': 'api'
}

data = {
    'mode': 'api_login;,
    'api_version': '1',
    'login_data': {
        'api_key': API_KEY,
        'signature': SIGNATURE,
    }
}

try:
    response = requests.post(url, headers=headers, data=json.dumps(data))

    # Check if the request was successful (status code 200)
    if response.status_code == 200:
        print("Request successful!")
        print("Response JSON:")
        print(response.json())
    else:
        print(f"Request failed with status code: {response.status_code}")
        print("Response Text:")
        print(response.text)

except requests.exceptions.RequestException as e:
    print(f"An error occurred: {e}")

1. Before running this code, make sure you have the requests library installed. If not, you can install it using pip:

   Bash

   pip install requests
   

JavaScript

const url = "https://login.quantsapp.com/api_login";

// Replace with your actual API key and signature
const API_KEY = "<YOUR_API_KEY>";
const SIGNATURE = "<YOUR_SIGNATURE>";

const headers = {
    'Content-Type': 'application/json',
    'X-QAPP-Portal': 'api'
};

const data = {
    "mode": "api_login",
    "api_version": 1,
    "login_data": {
        "api_key": API_KEY,
        "signature": SIGNATURE
    }
};

fetch(url, {
    method: 'POST',
    headers: headers,
    body: JSON.stringify(data) // Convert the JavaScript object to a JSON string
})
.then(response => {
    // Check if the request was successful (status code 200-299)
    if (!response.ok) {
        // If not successful, throw an error with the status
        throw new Error(`HTTP error! status: ${response.status}`);
    }
    // Parse the JSON response
    return response.json();
})
.then(data => {
    // Handle the successful response data
    console.log("Request successful!");
    console.log("Response JSON:", data);
})
.catch(error => {
    // Handle any errors that occurred during the fetch operation
    console.error("An error occurred:", error);
});