To add on, being open could be an issue only for those using APIs for random people. One person using APIs for their own personal use may not be impacted.
yes this is my use case. But if someone willing shares keys with others how can it be distinguished from this use case ? You could have 1 ip sending orders for many, but that’s probably not fool proof.
totp as a 2nd factor auth fails here because we can get totp via code too.
But something like a physical rsa device might be acceptable ? That would atleast require the user to share key every time its needed or if he gives up his rsa device itself, then still someone will still need to copy from device.
I don’t know if there is any fool proof way, maybe Zerodha tech can find some way.
The market regulator is only trying to stop algo sellers who promise unrealistic returns to retail traders with its move to regulate API-based algorithmic trading, according to a source who is working closely with the regulator.
The regulator is highly unlikely to interfere with retail traders who aren’t selling algos to others, the insider added.