Skip to main content

Automated Fyers broker access token generation with encrypted storage

Project description

fyers-auto-auth

Automated Fyers broker access token generation with encrypted storage.

Handles the complete TOTP-based login flow, generates access tokens, and caches them encrypted on disk — refreshing automatically each day. Built for use in automated trading systems.

Features

  • Fully automated — no manual browser login needed (after one-time setup)
  • Encrypted storage — access tokens are encrypted at rest using Fernet symmetric encryption
  • Smart caching — tokens are cached in memory and on disk; a new token is fetched only when the cached one is stale
  • Configurable paths — choose where to store your encrypted tokens and encryption keys
  • CLI tools — generate encryption keys and perform first-time app setup from the terminal
  • Retry logic — automatic retries with jitter on transient failures

Installation

pip install fyers-auto-auth

Prerequisites

You need a Fyers API app. If you don't have one:

  1. Go to Fyers API Dashboard and create a new app.
  2. Note down your Client ID, Secret Key, and Redirect URI.
  3. Enable TOTP on your Fyers account and save the TOTP secret key.

Quick Start

1. First-Time App Setup (one-time only)

When you create a new Fyers API app, you must authorize it once in a browser:

fyers-auto-auth setup-app --client-id "XXXXXXXXXX-100" --secret-key "your_secret_key"

This opens a URL in your browser — log in and grant permissions. This is a one-time step.

Or programmatically:

from fyers_auto_auth import setup_app

setup_app(client_id="XXXXXXXXXX-100", secret_key="your_secret_key")

2. Generate an Encryption Key

fyers-auto-auth generate-key
# Key saved to: ~/.fyers_auto_auth/fernet.key

Or with a custom path:

fyers-auto-auth generate-key --output /path/to/my_key.key

Or programmatically:

from fyers_auto_auth import generate_fernet_key

key = generate_fernet_key(save_to="~/.fyers_auto_auth/fernet.key")

3. Get Access Tokens

from fyers_auto_auth import FyersAuth, load_fernet_key

auth = FyersAuth(
    client_id="XXXXXXXXXX-100",
    secret_key="your_secret_key",
    username="your_fyers_id",
    totp_key="YOUR_TOTP_BASE32_KEY",
    pin="1234",
    encryption_key=load_fernet_key(),
)

# Get token — cached, auto-refreshes daily
access_token = auth.get_token()

# Or use the shorthand
access_token = auth()

4. Use with Fyers API

from fyers_apiv3 import fyersModel
from fyers_auto_auth import FyersAuth, load_fernet_key

auth = FyersAuth(
    client_id="XXXXXXXXXX-100",
    secret_key="your_secret_key",
    username="your_fyers_id",
    totp_key="YOUR_TOTP_BASE32_KEY",
    pin="1234",
    encryption_key=load_fernet_key(),
)

fyers = fyersModel.FyersModel(
    client_id="XXXXXXXXXX-100",
    token=auth.get_token(),
    is_async=False,
    log_path="",
)

print(fyers.get_profile())

Configuration

Token File Location

By default, encrypted tokens are stored at ~/.fyers_auto_auth/tokens.json.

You can customize this:

# Option 1: Pass directly
auth = FyersAuth(..., token_file="/path/to/my_tokens.json")

# Option 2: Environment variable
# export FYERS_TOKEN_FILE=/path/to/my_tokens.json
auth = FyersAuth(...)  # picks up from env automatically

Resolution order: explicit argument → FYERS_TOKEN_FILE env var → default path.

Encryption Key Location

The load_fernet_key() helper looks for the key in this order:

  1. Explicit path argument: load_fernet_key("/path/to/key.key")
  2. FYERS_FERNET_KEY env var (the raw key value)
  3. FYERS_FERNET_KEY_FILE env var (path to a key file)
  4. Default: ~/.fyers_auto_auth/fernet.key

Environment Variables

Variable Description
FYERS_TOKEN_FILE Path to the encrypted token file
FYERS_FERNET_KEY Fernet key value (raw)
FYERS_FERNET_KEY_FILE Path to a file containing the Fernet key

CLI Reference

fyers-auto-auth generate-key [--output PATH]
    Generate a new Fernet encryption key.

fyers-auto-auth setup-app --client-id ID --secret-key KEY [--redirect-uri URI] [--no-browser]
    First-time Fyers API app authorization.

API Reference

FyersAuth(client_id, secret_key, username, totp_key, pin, encryption_key, token_file=None, redirect_uri=None)

Main class for automated token management.

  • get_token()str — Get a valid access token (auto-refreshes if stale).
  • auth()str — Shorthand for get_token().

generate_fernet_key(save_to=None)bytes

Generate a new Fernet encryption key. Optionally save to a file.

load_fernet_key(path=None)bytes

Load a Fernet key from file or environment variable.

setup_app(client_id, secret_key, redirect_uri=None, open_browser=True)str

Generate and display the first-time authorization URL.

How It Works

get_token() called
     │
     ├─ Check in-memory cache → return if today's token
     │
     ├─ Check encrypted file on disk → decrypt & return if today's token
     │
     └─ Run full login flow:
         1. Send login OTP request
         2. Verify OTP using TOTP (generated from your secret key)
         3. Verify PIN
         4. Get authorization code
         5. Exchange auth code for access token
         6. Encrypt & save to disk
         7. Cache in memory & return

Security Notes

  • Never commit your .env files, .key files, or tokens.json to version control.
  • Add these to your .gitignore:
    *.env
    *.key
    tokens.json
    
  • The Fernet encryption key is the master secret — treat it like a password.
  • Tokens are valid for one trading day only.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fyers_auto_auth-0.1.5.tar.gz (15.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fyers_auto_auth-0.1.5-py3-none-any.whl (13.6 kB view details)

Uploaded Python 3

File details

Details for the file fyers_auto_auth-0.1.5.tar.gz.

File metadata

  • Download URL: fyers_auto_auth-0.1.5.tar.gz
  • Upload date:
  • Size: 15.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fyers_auto_auth-0.1.5.tar.gz
Algorithm Hash digest
SHA256 e3f5a6b8d83321aa81a49716ebe0543082784debf79ccbf3695cc5522e654587
MD5 b8f11d4d032aeafbea2261228047882e
BLAKE2b-256 69501c4c0e23ac9400017b6b9c2cd2c670b97ec405c7470d2ad80b823505f30a

See more details on using hashes here.

Provenance

The following attestation bundles were made for fyers_auto_auth-0.1.5.tar.gz:

Publisher: pypi-package-publish.yml on KoushikEng/fyers-auto-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fyers_auto_auth-0.1.5-py3-none-any.whl.

File metadata

  • Download URL: fyers_auto_auth-0.1.5-py3-none-any.whl
  • Upload date:
  • Size: 13.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fyers_auto_auth-0.1.5-py3-none-any.whl
Algorithm Hash digest
SHA256 d1740ca3503431594ce81720f902f039867fbff1f2d59939006684ebefc90ded
MD5 b55b9955741794b354bae8297c42887d
BLAKE2b-256 96463f4db13b23843ac49682f29852d8ce1b2ba7ddcecf6c11b78b81c75dfb8a

See more details on using hashes here.

Provenance

The following attestation bundles were made for fyers_auto_auth-0.1.5-py3-none-any.whl:

Publisher: pypi-package-publish.yml on KoushikEng/fyers-auto-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page