Skip to content

dhan auth

The Dhan CLI distinguishes two HTTP hosts:

  • https://auth.dhan.co/ for consent / token-generation flows (its own header style), and
  • https://api.dhan.co/v2/ for the trading API (access-token and client-id headers on every request).

Secrets are stored in the OS keyring under the dhan-cli: prefix. See Concepts › Secret storage.

Subcommand Purpose
dhan auth configure --client-id <id> --access-token <token> Store client id and access token in the OS secret store. The simplest flow — bring your own token.
dhan auth status Show whether client-id / access-token are stored and the authenticated flag.
dhan auth login --client-id <id> --app-id <id> --app-secret <secret> [--port 17890] [--timeout-seconds 180] [--no-open] Browser consent (app/API-key) flow → store token.
dhan auth consume --token-id <id> --app-id <id> --app-secret <secret> Exchange a tokenId from manual consent login for an access token.
dhan auth totp --client-id <id> --pin <pin> --totp <totp> PIN + TOTP login — no browser.
dhan auth partner-login --partner-id <id> --partner-secret <secret> [--port] [--timeout-seconds] [--no-open] Partner browser consent flow.
dhan auth partner-consume --token-id <id> --partner-id <id> --partner-secret <secret> Exchange a partner tokenId.
dhan auth renew Renew the currently active access token (adds a dhanClientId header in addition to client-id and access-token).
dhan auth logout [--forget-client-id] Without flag: clears only the access token. With flag: clears both client id and token.
Terminal window
dhan auth configure --client-id 1000000123 --access-token xyz... --json --no-color
dhan auth status --json --no-color
dhan auth logout --forget-client-id --json --no-color # wipe everything
Terminal window
# Auto-opens the browser and waits for the loopback callback
dhan auth login --client-id C --app-id A --app-secret S --json --no-color
# Print the URL only — useful on headless boxes where you can complete login elsewhere
dhan auth login --client-id C --app-id A --app-secret S --no-open --json --no-color

The redirect URL in the Dhan portal must be http://127.0.0.1:17890/ (default). Override the port with --port or dhan config set redirectPort <port>.

Manual fallback when the callback can’t reach the CLI

Section titled “Manual fallback when the callback can’t reach the CLI”

If the loopback server can’t be reached (sandbox, restricted WSL), copy the tokenId from the browser URL and use:

Terminal window
dhan auth consume --token-id <tokenId> --app-id A --app-secret S --json --no-color
Terminal window
dhan auth totp --client-id C --pin 1234 --totp 567890 --json --no-color

Calls app/generateAccessToken.

Terminal window
dhan auth partner-login --partner-id <id> --partner-secret <secret> --json --no-color
dhan auth partner-consume --token-id <tokenId> --partner-id <id> --partner-secret <secret> --json --no-color
Terminal window
dhan auth renew --json --no-color

The RenewToken endpoint adds a dhanClientId header in addition to the usual client-id and access-token headers used on the v2 surface.