Static ip for algo-trading in zerodha

@Arockiya_Raja From when Zerodha is going to ask for static ip for algo-trading ? and how we have to provide the static ip to zerodha from mail or i have to enter it in zerodha api app ?

@nivas_k @Matti Please check^

We’ll do this by March 31, 2026.

Currently, the plan is to add a field in the Kite Connect developer console to update the static IP.

thank you for reply…

@nithin
Hi Nithin,
Could you please provide a clear update on the Static IP implementation for Kite Connect?

This feature has been pending for quite some time now, and multiple timelines shared earlier have already passed. Many users have been planning their infrastructure around this change, especially those running automated systems on cloud servers where static IP whitelisting is critical for security and reliability .

Over the past several days, several users have asked for a status update in the kite developers forum, [link to the thread] but there hasn’t been any fruitful response from the any concerned

it would really help the community if you could:

• Share the current status of Progress
• Provide a realistic timeline when it will be implemented in zerodha, so that we can position ourself.
• Clarify whether there are any blockers or changes in the plan

Even a brief update would be appreciated so users can plan their systems accordingly.

We’re internally testing the patch to accept static IPs from Kite Connect users.

We’ll be able to push this patch out to production this week, so you should be able to whitelist your IPs by ~March 15.

Everything is on-time as of now.

Could someone please dumb down this whole static ip thing for me? I’m having a hard time understanding this. I run my bot on my laptop daily from 9-3:30, haven’t uploaded it on the cloud as of yet.

Mine is a low frequency strategy, averaging ~4 trades a month. Do I still have to get a static ip and such?

Yes. Unless you choose to place trades manually.

hello @nivas_k @Matti

Regarding the implementation of whitelisting static ips. Can you provide feature to dynamically change whitelisted ip using api. Otherwise it adds to a lot of risk if ip changes unless i opt of services which adds to cost and complexity of setting it up in the code. Please provide some reasonable solution for it. Thanks

Starting April 1st, per the exchange circular, dynamic IPs will no longer be supported. You’ll need to procure a static IP and update it in your account to ensure continued access. Unfortunately, there is no other alternative workaround for this requirement.

You can register up to two static IPs (Primary and Secondary) for your account. Note that static IP changes are permitted only once a week. For further specifics, you can refer to the exchange circular here.

Can primary and secondary both be changed once a week or will it be 1 change will be allowed for either or both of them and have to be updated together. Also as a corner case if need arises to change ip again due to technical issues will there be a way to change it if the quota of change has already been exhausted for the week.

Also can zerodha plan to provide some static ip plan which will be easy to integrate with api . Or can zerodha help with referring to some other party for static ip and provide easy examples in documentation with changes to be made in code structure ? this would make it smooth to transition to new regulatory framework.

If you’re looking for an easier way to handle the static IP requirement, you might want to take a look at what we’re building at QuanCradle.

We started this platform specifically to simplify the static IP infrastructure requirement for Indian traders, starting with Zerodha API users. Instead of setting up VPS, VPNs, proxies, firewall rules, etc., you can launch a gateway server with a fixed Indian IP in just a few minutes.

A few things that might help with your use case:

• Gateway servers are one-click deployments and usually come online within minutes.
• If you connect through VPN, you generally don’t need to change your code structure — your requests will automatically go out through the gateway IP.
• If you prefer proxy routing, we’ve written a few blogs explaining how to integrate that into your code.
• We also run a Discord community where you can get help directly from us and from other traders experimenting with different setups.

We launched recently and are currently running a free trial campaign, so interested traders can test the setup and see if it works for them.

You can learn more here: https://www.quancradle.com/

Some blogs that might help you understand the setup and integration:

• What Is a Gateway Server?
• How to Configure Your Trading Setup with VPN
• Routing Python Algo Orders Through a Secure Trading Proxy

If you’d like to try it out, feel free to join our Discord community and DM us for a trial gateway. Our goal with QuanCradle is simply to make the infrastructure side of algo trading much easier for Indian traders, so hopefully it helps with setups like the one you’re describing.

For Token Generation, using Local machine , but for running the algo I am using machine in AWS.

Token Generation needs Webbrowser GUI, which make it difficult for machines in AWS which does not have GUI.

Will token generation from local machine work, while Static ip to execute kite api calls can be done from aws machine?

+1. It would be of immense help to people who don’t want to master networking, cloud, firewall etc. just so that they can run their codes.

@PK123 These services are already provided by managed hosting providers, would be silly for Z to get into this space!

Thanks for the reply. Pardon my ignorance but I could figure out the following solutions along with their advantages / drawback:

1. Get a static IP from ISP. Most cost effective solution but has its drawbacks wrt security given than most individual traders won’t be having firewall to prevent against malicious attacks. Plus it doesn’t help if you are travelling (unless someone sets up remote access and keep the machine running 24x7).

2. Integrate with AWS / GCP: Requires cloud knowledge. Costs are not prepaid and can come as a surprise. Will be much more costly than option1 but will also be more reliable and secure

3. Get a VPN with a static IP / go with someone like quancradle: Requires you to trust the VPN provider with your data and cost will be around 700-1k per month unless you are taking a very long term contract from the service provider. Plus there will be (substantial) latency.

If I missed any other option, please let me know. If I have to choose I will probably go with option1 but I will still be worried about the security part.

If you’re already trading from your SOHO and require only this much level of redundancy and availability, then this is probably fine. The security aspect is somewhat overblown as you could invest in a prosumer router (Ubiquiti / Mikrotik) with auto updates.

This would be overkill, search for “Managed VPS hosting” and you would get results for the popular ones in India - where they do the setup and maintenance for you.

Not necessarily trust the VPN provider as broker APIs communicate over HTTPS, just make sure their SDK or your code validates the certificate.

Just to clarify a small point here about QuanCradle.

Each user gets a dedicated VM hosted on DigitalOcean/Azure, and the public IP is directly attached to that VM. QuanCradle mainly provides the management layer that handles provisioning, security configuration, monitoring, and maintenance of that infrastructure.

Once the gateway VM is running, the traffic flow is simply:

Trader machine → Gateway VM → Broker API

All communication between your system and the broker happens directly through that VM over HTTPS, so it remains end-to-end encrypted. QuanCradle does not exist in the middle inspecting or processing trading data.

On latency: there will naturally be one additional network hop through the gateway or any cloud based VPN/Proxy setup, but in practice this is typically a few milliseconds, which is generally negligible for most retail algo setups — especially considering broker APIs already enforce limits like 10 orders/sec.

That said, the best way to evaluate this is to test it from your own network, since routing and latency can vary depending on ISP and location. We currently offer a 3-day free gateway trial, so traders can benchmark latency and see whether it fits their setup before committing.

Only buying from AWS/GCP doesn’t get you security. Reliability, may be. Running a secure cloud server is pretty much a job like. You have to have a lot of knowledge about security in the first place and then ensure you have configured everything correctly and haven’t left any loophole that got exploited. It is also not one time work as you have to keep updating your OS and your softwares regularly to avoid having any vulnerability unpatched.

Now a days, with so many cyber crimes happening, once they figure out non techy folks are setting up cloud servers and running algo in it, they would be all over it. Once a VM is compromised, they get your broker keys and tokens and totps and passwords and what not. They wont even withdraw your money to their account. They can easily place some orders from your broker account into a pump and dump stock and take all your money in the most legally illegal money transfer known to man kind. No way to trace this money transfer. Forget getting it back.

AWS has a way to access the machine through tunneling without opening any ports to the internet.
That should cut out a lot of the risk, no ?
We don’t need to be running servers here.

AWS itself has its own issues, there is no prepaid, so best to use something like yubikey and a limited account for day to day work.