
    StaticIP

    @StaticIP


    Best posts made by StaticIP

    • RE: Important Updates to SmartAPI in Compliance with SEBI Guidelines

      @admin

      Static IP Whitelisting Process - Potential Misuse and Suggested Improvements

      Current Process Understanding:

      • Users submit their static IP address through the broker's web portal
      • System checks if the IP is already registered by another user
      • If not registered, the IP gets successfully registered under the submitting user's name

      Identified Issue:
      The current implementation has a significant vulnerability where:

      1. Intentional Misuse: Someone can deliberately register my IP address before I attempt to register
      2. Accidental Entry: Users may mistakenly enter incorrect IP addresses, blocking legitimate owners
      3. Dynamic IP Reassignment: If an IP was previously registered by another user and later assigned to me by my ISP, I cannot register despite being the legitimate current owner

      Real-world Impact:

      • Legitimate users are blocked from registering their own IP addresses
      • No verification mechanism to confirm actual ownership/usage of the IP
      • Potential for malicious blocking of competitors or other users

      Suggested Solutions:

      1. IP Ownership Verification Process

      • Require users to access the registration portal FROM the IP address they wish to register
      • Only allow registration when the request originates from the claimed IP address

      2. API Call Verification

      • Allow IP registration through web portal but mark as "Pending Verification"
      • Require at least one successful API call from the registered IP within 24-48 hours to confirm registration
      • Auto-expire unverified registrations after the timeout period

      3. Active Usage Validation

      • Implement periodic validation (monthly/quarterly) requiring API activity from registered IPs
      • Auto-deregister IPs with no trading activity for extended periods
      • Send advance notifications before deregistration

      4. Dispute Resolution Mechanism

      • Provide a process for users to claim ownership of their legitimate IP addresses
      • Require documentation (ISP letters, network configuration proofs) for disputed IPs
      • Allow override of existing registrations with proper verification

      5. Enhanced Registration Flow

      Step 1: User submits IP via web portal (from any location)
      Step 2: System generates unique verification token
      Step 3: User must access verification URL from the claimed IP address
      Step 4: System confirms IP ownership and completes registration
      

      Questions for Clarification:

      1. Is there any current mechanism to handle IP address disputes?
      2. Can you implement real-time IP verification during the registration process?
      3. Is there a possibility to add IP ownership validation through API calls?

      Request:

      Please consider implementing enhanced IP validation mechanisms to prevent misuse while ensuring legitimate users can register their IP addresses without unnecessary obstacles.
      Looking forward to your response and potential improvements to this critical security process.

      posted in General Discussion
      StaticIP
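
The flow in suggestion 5, combined with the "Pending Verification" expiry from suggestion 2, sketched as an added example; it is not code from the post or from SmartAPI. The class name `IPRegistry`, the 24-hour `PENDING_TTL` and the sample addresses are assumptions.

```python
import ipaddress
import secrets

PENDING_TTL = 24 * 3600  # seconds; assumed, the post suggests 24-48 hours


class IPRegistry:
    """In-memory sketch: a pending claim never blocks anyone; only a claim
    confirmed from the claimed address binds the IP to a user."""

    def __init__(self):
        self.pending = {}   # token -> (user, ip, expires_at)
        self.verified = {}  # ip -> user

    def submit(self, user, ip_text, now):
        """Steps 1-2: record a pending claim and return its one-time token."""
        ip = ipaddress.ip_address(ip_text.strip())  # rejects malformed input
        if self.verified.get(ip) not in (None, user):
            raise ValueError("IP already verified by another user")
        token = secrets.token_urlsafe(32)
        self.pending[token] = (user, ip, now + PENDING_TTL)
        return token

    def verify(self, token, peer_ip_text, now):
        """Steps 3-4: peer_ip_text must be the connection's source address
        as seen by the server, not a client-supplied header value."""
        claim = self.pending.pop(token, None)  # token is single use
        if claim is None:
            return False
        user, ip, expires_at = claim
        if now > expires_at:
            return False  # pending registration auto-expired
        if ipaddress.ip_address(peer_ip_text) != ip:
            return False  # request did not come from the claimed address
        if self.verified.get(ip) not in (None, user):
            return False  # another user completed verification first
        self.verified[ip] = user
        return True

    def owner(self, ip_text):
        return self.verified.get(ipaddress.ip_address(ip_text))


if __name__ == "__main__":
    reg = IPRegistry()
    # Constructed sample data: documentation-range addresses, made-up users.
    t = reg.submit("userB", "203.0.113.10", now=0)
    print(reg.verify(t, "203.0.113.10", now=60), reg.owner("203.0.113.10"))
```

Reassigned addresses (issue 3 in the post) still depend on the periodic re-validation from suggestion 3, which this sketch does not implement.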

    Latest posts made by StaticIP

    • RE: Important Updates to SmartAPI in Compliance with SEBI Guidelines

      Kindly update once the IP whitelisting portal is live.

      posted in General Discussion
      StaticIP
    • RE: "YOUR USER ID OR PASSWORD IS INVALID","errorcode":"AB1007"

      Please migrate my Account G88973

      posted in General Discussion
      StaticIP
    • RE: Unable to get order_id: "errorCode":"AG8001","data"

      @GIIS1003 Admin....plz reply

      posted in Bugs
      StaticIP
    • RE: Unable to get order_id: {"Invalid Token","errorCode":"AG8001","data":""}

      @G88973 Admin please Reply

      posted in Test
      StaticIP
    • Unable to get order_id: {"Invalid Token","errorCode":"AG8001","data":""}

      My ID is G88973 and I am getting the below error while placing an order.

      Unable to get order_id: {"success":false,"message":"Invalid Token","errorCode":"AG8001","data":""}

      posted in Test
      StaticIP