Skip to content

Concepts

Both Jorli CLIs share a small set of conventions. Knowing them up front makes every command page lighter.

Every command supports two recursive global flags:

Flag Effect
--json Write structured JSON output. Indented, camelCase property names.
--no-color Disable ANSI colour output.

Used together, they produce clean, parseable output that’s safe to feed to scripts or to another terminal agent:

Terminal window
kite auth status --json --no-color
dhan orders list --json --no-color

Without --json, the CLI renders Spectre.Console tables (rounded borders, colours) for interactive use. Do not parse the table output — its shape can change between releases.

--verbose prints detailed errors including raw broker error payloads and SDK stack traces. Use it only when debugging API failures. Avoid it in shared transcripts or logs — it can leak low-level error bodies.

Terminal window
dhan orders place --file order.json --dry-run --verbose --json --no-color
Stream Contents
stdout Successful JSON payloads, table renders
stderr Errors, warnings, raw payloads in --verbose

Each CLI uses a small, stable set of exit codes. They are part of the public API.

Code Meaning
0 Success
1 CLI usage error, missing file, missing argument, invalid input
2 Authentication problem or expired / invalid session
3 Kite API error, permission error, network error, data error, rate-limit-style error
4 Unexpected failure
Code Meaning
0 Success
2 Usage error (missing required option, --yes not passed, etc.)
3 Auth failure (HTTP 401 / 403 from Dhan)
4 API failure (any other non-2xx Dhan response)
5 I/O / file error
10 Unexpected runtime error

In all cases, do not retry in a loop on API or auth errors. Stop, inspect stderr and the exit code, and ask the operator for direction if running as an agent.

Secret storage — your keyring, not a config file

Section titled “Secret storage — your keyring, not a config file”

Both CLIs store credentials in the OS-native secret store with a tool-specific key prefix:

OS / Environment Store Key prefix / location
Windows Credential Manager kite-cli:<key> or dhan-cli:<key>
macOS Keychain Service <tool>:<key>, Account <tool>
Linux (with Secret Service) secret-tool (libsecret) Service <tool>, account <tool>:<key>
Linux headless / WSL fallback AES-GCM encrypted file ~/.config/<tool>/secrets.dat (Kite) — for Dhan, the same keyring fallback chain applies

Stored keys per tool:

Kite CLI Dhan CLI
kite-cli:api-key dhan-cli:client-id
kite-cli:api-secret dhan-cli:access-token
kite-cli:access-token

Never commit or share these values. If you need to share a command transcript, redact with placeholders such as <api_key>, <api_secret>, <request_token>, <access_token>, <client_id>.

Each CLI keeps a small, plain-text preferences file for non-secret values (e.g. broker base URL override, redirect port).

CLI Path (Windows) Path (macOS / Linux)
Kite CLI %AppData%\kite-cli\config.json ~/.config/kite-cli/config.json
Dhan CLI %AppData%\dhan-cli\config.json ~/.config/dhan-cli/config.json

Manage them with config set / config get per CLI.

Both CLIs use a small local TcpListener on 127.0.0.1 to capture a broker-supplied token after you complete a browser login. The default callback port is 17890.

  • Configure your broker app’s redirect URL to http://127.0.0.1:17890/.
  • Override the port with --port <number> on auth login / auth partner-login (Dhan) or config set redirectPort <port> (Dhan).
  • If your machine cannot receive the callback (headless boxes, restricted WSL), skip the waiting flow and use the broker’s out-of-band request_token / tokenId instead — see each CLI’s auth page.

Each CLI refuses to silently mutate live trading state.

  • Dhan CLI — every live-account-changing command (order placement, modification, cancellation, kill switch, P&L-based exit, position conversion, IP set, etc.) requires the explicit --yes flag. Without --yes, the CLI refuses with exit code 2. Use --dry-run first to inspect the parsed payload without sending it. Live action
  • Kite CLI — place / modify / cancel commands always read from an operator-supplied JSON file (--file). The CLI never invents quantities, prices, products, or symbols. There is no --yes toggle on Kite; the file is the confirmation. Live action

Dhan requires you to whitelist the static public IP your machine uses for live trading (order placement, modification, cancellation, and several control APIs). Without it, these endpoints return an authorization error. See Dhan CLI › IP.

Each CLI can download its broker’s full instrument master to a local cache and search it offline. Search returns at most 25 matches; quote and historical-data commands consume the broker’s numeric security IDs / instrument tokens from that cache.

CLI Cache location
Kite CLI %LocalAppData%\kite-cli\instruments\
Dhan CLI %AppData%\dhan-cli\instruments\

If you see Instrument cache is missing, run instruments download first.