@Trishul_Devadiga Can you please share the above comment with your backend team. Please share some feedbacks on it as adding “Expired” state will make the RenewToken seamless.
Hey @nitishbangera
Will definitely take this into account. Yes, there can be three states for the same and will look into the feasibility of implementing this.
Yes, this is true and it will stay this way, as we want the authentication for renew token to work based on validity of current token. This is important for us to ensure we are only allowing active sessions to be extended.
Hello @Hardik Thank you for acknowledging and look forward for this implementation.
from what i have observed since last 2 days, have you guys started detecting selenium automation on the login page to invalidate sessions, are you trying to stop automation and enforce manual login ?
yes… observed the same.. but its only in TOTP.. SMS OTP works fine…
I second that.
Even I am having the issue with login and frequently encoutering the Session Invalidated error message making the login automation break. This is specifically happening in morning hours before market opens. However, when try to run the same login automation in mid day or evening, then login is working without issue.
@Hardik can you please look into this?
Hey @kushal @Abhishek_Tiwari1 @deepaklost
Let us look into this. Can you share some more details like your Client ID over DM here, we can check logs to assist you better.
@Shrutika_Poojari @Trishul_Devadiga
I have implemented the token refresh and it works most of the times. However, it fails also.
I’m doing refresh token twice in a day, one in morning before the market opens and one in the evening(to keep the token alive forever). Not sure, why it fails sometimes. Do you see any issues?
Log:
Refresh run at: 2025-12-01T07:30:01+00:00
Token refreshed!
Refresh run at: 2025-12-02T07:30:01+00:00
Refresh failed: {“errorType”:“Order_Error”,“errorCode”:“DH-906”,“errorMessage”:“Invalid Token”}
Just to update you the refresh access token works only when your existing access token is still active. If it has already expired, the refresh request won’t go through. So please make sure the access token is valid before you trigger the refresh.
@Shubham_Singh Any updates on implementing the Expired status for the token? As mentioned previously, the current behaviour of a refresh token api is incorrect because it depends on the existing token being active. The token behaviour should be similar to how Keycloak handles refresh token and it is by using the client id and the last token generated by that client id which is currently expired.
Hey @Shubham_Singh Correct me if I’m wrong.
This is the current logic that I have.
- Generate new token from web.
- Use it in my algo which is on cloud.
- Refresh the token which I have generated in step 1 when the day ends
- Store the latest token
- Use the latest token next day
My question is, If I refresh the token before the current one expires. It should work yes?
Yes, you got this right. The Refresh Acces Token should be used before the expiry of the current active access token.
@Rajashekhar_Rangappa If you generated the token at 00:00 am, run a cron everyday after 23 hours 55 minutes with the previously generated token and store it as the current token to be used for the next day’s market. For the NSE market, you can do that from 9:10am onwards but the only con is every day you are going back by 5 minutes because the refresh token api doesn’t work with an inactive token. Hence my suggestion to the Dhan team is to include another state expired for the token, link it to the client id and then allow the refresh token api to be called on it.
okay. thanks for the info.
Next question, Not sure why token refresh fails sometimes though current token is still active.
Refresh failed: {“errorType”:“Order_Error”,“errorCode”:“DH-906”,“errorMessage”:“Invalid Token”}