Order API Returning DH-905 Invalid IP Despite Whitelisted VPS IP

Sourabh1 · April 26, 2026, 12:37am

Dear Dhan Support Team,

I am currently integrating your Order Placement API from my VPS server, but I am consistently receiving the following error:

DH-905 – Invalid IP

I would like to clarify that I have already completed all required setup steps:

• My VPS public IPv4 address is whitelisted in my Dhan account
• The IP verification API confirms:

ipMatchStatus: SECONDARY_MATCH (also tested with PRIMARY)
ordersAllowed: true
• I am making API calls directly from the same VPS using curl (not Postman or any external tool)
• I have ensured that my system is using IPv4 (disabled IPv6 preference at OS level)
• The same error occurs for both NSE_FNO and NSE_EQ order requests

Despite this, every order placement attempt returns “Invalid IP”.

Request you to please check the following on my account:

Whether my account is fully enabled for API-based order placement
Whether any additional activation (such as DDPI or API permissions) is required
Whether Equity and F&O trading via API is enabled
Whether there are any backend restrictions or compliance requirements blocking order execution
Whether the IP whitelisting is correctly applied on your side

This appears to be a backend/account configuration issue rather than a request or IP issue, as all validations from my side are correct.

Please assist in resolving this so I can proceed with API-based trading.

Thank you for your support.

Regards,
Sourabh
Dhan Client ID: 1105017113

bhagwatgeetainshort@autotrade:~$ curl https://api.ipify.org
34.93.255.170

bhagwatgeetainshort@autotrade:~$ curl -4 --request POST \
--url https://api.dhan.co/v2/orders \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'access-token: eyJ0eXAiOiJKV1QiL**************aqGtMiQRM8KA' \
--data '{
  "dhanClientId": "1105017113",
  "correlationId": "test12345",
  "transactionType": "BUY",
  "exchangeSegment": "NSE_FNO",
  "productType": "INTRADAY",
  "orderType": "MARKET",
  "validity": "DAY",
  "securityId": "72255",
  "quantity": 65,
  "afterMarketOrder": true
}'

{"errorType":"Input_Exception","errorCode":"DH-905","errorMessage":"Invalid IP"}

bhagwatgeetainshort@autotrade:~$ curl https://api.dhan.co/v2/ip/getIP \
--header 'access-token: eyJ0eXAiOiJKV1Qi*****************RM8KA'

{"modifyDatePrimary":"2026-05-01",
"modifyDateSecondary":"2026-05-02",
"primaryIP":"34.47.192.68",
"secondaryIP":"34.93.255.170",
"detectedIP":"34.93.255.170",
"ipMatchStatus":"SECONDARY_MATCH",
"ordersAllowed":true}

Msk92 · April 26, 2026, 10:02pm

same here. any updates plz?

sudhakar_ak · April 27, 2026, 10:52am

facing same issue from my end as well.

Client ID: 1111148264

HTTP: 400

Body: {“errorType”:“Input_Exception”,“errorCode”:“DH-905”,“errorMessage”:“Invalid IP”}

Msk92 · April 27, 2026, 8:53pm

thanks for sharing too. Its been this way for me too. why isnt there any update or solution from dhan team about this on this post ?

DSingh · May 5, 2026, 11:22am

@Msk92 @sudhakar_ak @Sourabh1 Verify your IP address from the access_token here.

VIJAY_KALLUR · May 5, 2026, 7:15pm

@Dhan, I’m not able to verify static IP itself

Connection #0 to host ``api.dhan.co`` left intact
[{“message”:“Something went wrong”,“status”:“ERROR”}]

curl --request GET
–url ``https://api.dhan.co/v2/ip/getIP``
–header ‘Accept: application/json’
–header ‘access-token: eyJ0eXAiOiJKV1QiL*******’ -v
Note: Unnecessary use of -X or --request, GET is already inferred.

Host api.dhan.co:443 was resolved.
IPv6: 2600:9000:237a:2400:10:38d8:f780:93a1, 2600:9000:237a:2a00:10:38d8:f780:93a1, 2600:9000:237a:c400:10:38d8:f780:93a1, 2600:9000:237a:ca00:10:38d8:f780:93a1, 2600:9000:237a:8000:10:38d8:f780:93a1, 2600:9000:237a:ea00:10:38d8:f780:93a1, 2600:9000:237a:7200:10:38d8:f780:93a1, 2600:9000:237a:f000:10:38d8:f780:93a1
IPv4: 108.158.46.69, 108.158.46.79, 108.158.46.89, 108.158.46.96
Trying 108.158.46.69:443…
Connected to api.dhan.co (108.158.46.69) port 443
[HTTP/2] [1] OPENED stream for https://api.dhan.co/v2/ip/getIP
[HTTP/2] [1] [:method: GET]
[HTTP/2] [1] [:scheme: https]
[HTTP/2] [1] [:authority: api.dhan.co]
[HTTP/2] [1] [:path: /v2/ip/getIP]
[HTTP/2] [1] [user-agent: curl/8.5.0]
[HTTP/2] [1] [accept: application/json]
[HTTP/2] [1] [access-token: eyJ0eXAiOiJKV1QiLCJhbGciOi****]

GET /v2/ip/getIP HTTP/2
Host: api.dhan.co
User-Agent: curl/8.5.0
Accept: application/json
access-token: eyJ0eXAiOiJ****

< HTTP/2 200
< content-type: application/json
< content-length: 53
< date: Tue, 05 May 2026 19:10:10 GMT
< x-frame-options: SAMEORIGIN
< vary: Origin
< vary: Access-Control-Request-Method
< vary: Access-Control-Request-Headers
< content-security-policy: frame-ancestors ‘none’
< x-cache: Miss from cloudfront
< via: 1.1 f535ebbbbd7f05468fe793ceeef59766.cloudfront.net (CloudFront)
< x-amz-cf-pop: BOM78-P3
< alt-svc: h3=“:443”; ma=86400
< x-amz-cf-id: 4YGE3i28IRxGD1a6FAOaUvJGJc0MuaVfcMkbvaxvVo4yzLTWuGfI8A==
<

Connection #0 to host api.dhan.co left intact
[{“message”:“Something went wrong”,“status”:“ERROR”}]

Ananda_SubuRao · May 8, 2026, 12:43pm

the solution is to generate access_token after setting your STATIC IP.

It is a design issue, but nobody from the dev team knows to answer. Because they believe that they are perfect always.