Complete reference for integrating with the Vivekam financial platform. All endpoints require authentication using a session token obtained via the POST /api/auth/login endpoint.
Base URLs
| Environment | Base URL | Usage |
|---|---|---|
| LOCAL | http://localhost:PORT/api | Development / Local testing |
| TEST | http://vivekamih.gotdns.com:8033/api | Internal testing |
| PROD | http://183.82.48.178:8033/api | Production (external access) |
Request Format
- All requests and responses are JSON
- Set header: Content-Type: application/json
- Set header: Accept: application/json
- Authenticated requests must include: X-Session-Token: <your-token>
- Dates use ISO 8601 format: yyyy-MM-dd or yyyy-MM-ddTHH:mm:ss
All API endpoints (except login, register, forgot-password, reset-password) require a valid session token. Sessions expire after 8 hours of inactivity and auto-renew on each use.
sessionToken → send as X-Session-Token header on every request → re-login if you receive HTTP 401.
Step-by-Step Integration Guide
Register an account (first time only)
Contact your Vivekam administrator to create an account, or call POST /api/auth/register if self-registration is enabled.
Login to get a Session Token
Call POST /api/auth/login with your credentials. Save the sessionToken from the response.
Include token in every API request
Add the header X-Session-Token: <your-sessionToken> to every request.
Handle 401 Unauthorized responses
If you receive HTTP 401, your session has expired. Call login again to get a new token and retry the request.
Login Example
```bash
# 1. Login and get session token
curl -X POST http://vivekamih.gotdns.com:8033/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"Admin@123"}'

# 2. Use the token in subsequent requests
# (URL is quoted so the shell does not treat "?" as a glob character)
curl "http://vivekamih.gotdns.com:8033/api/vtp/member-ledger?memberId=101" \
  -H "X-Session-Token: <your-session-token>"
```

```csharp
using System;
using System.Net.Http;
using System.Text;
using Newtonsoft.Json;

var client = new HttpClient();
client.BaseAddress = new Uri("http://vivekamih.gotdns.com:8033/api/");

// 1. Login
var loginBody = JsonConvert.SerializeObject(new { username = "admin", password = "Admin@123" });
var res = await client.PostAsync("auth/login",
    new StringContent(loginBody, Encoding.UTF8, "application/json"));
dynamic data = JsonConvert.DeserializeObject(await res.Content.ReadAsStringAsync());
string token = data.sessionToken;

// 2. Use token
client.DefaultRequestHeaders.Add("X-Session-Token", token);
var ledger = await client.GetAsync("vtp/member-ledger?memberId=101");
```

```javascript
// 1. Login
const res = await fetch('http://vivekamih.gotdns.com:8033/api/auth/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ username: 'admin', password: 'Admin@123' })
});
const { sessionToken } = await res.json();
// Note: localStorage is readable by any script running on this origin
localStorage.setItem('vtp_token', sessionToken);

// 2. Make authenticated requests
const ledger = await fetch('http://vivekamih.gotdns.com:8033/api/vtp/member-ledger?memberId=101', {
  headers: { 'X-Session-Token': sessionToken }
});
const data = await ledger.json();
```

```python
import requests

BASE = "http://vivekamih.gotdns.com:8033/api"

# 1. Login
r = requests.post(f"{BASE}/auth/login", json={"username": "admin", "password": "Admin@123"})
r.raise_for_status()  # fail here on 4xx/5xx instead of on a missing sessionToken key
token = r.json()["sessionToken"]
headers = {"X-Session-Token": token}

# 2. Make authenticated requests
ledger = requests.get(f"{BASE}/vtp/member-ledger", params={"memberId": 101}, headers=headers)
print(ledger.json())
```
Password Rules
- Minimum 8 characters
- At least one uppercase letter (A–Z)
- At least one digit (0–9)
- At least one special character: @ # $ ! % * ? &
forgot-password to reset.
Auth Controller 9 endpoints
User management, login, session and password operations — Base route: /api/auth
VTP Controller 113 endpoints
Portfolio management, billing, member ledger, orders and more — Base route: /api/vtp
Price Controller 137 endpoints
Market data, scrip details, AIMS, PIE, PRIMER, mutual funds — Base route: /api/price
Order Mail Controller 8 endpoints
Trading order mail operations — Base route: /api/ordermail
Partner Products Controller 33 endpoints
Portfolio baskets, instruments, blocking periods, rebalance — Base route: /api/partnerproducts
All errors return JSON — never HTML. Every error response includes success: false and a message field.
| HTTP Code | Meaning | Example Response | Action |
|---|---|---|---|
| 200 OK | Success | {"success":true,"data":…} | Process the response data |
| 400 Bad Request | Missing or invalid parameters | {"success":false,"message":"Username required"} | Check request body / query params |
| 401 Unauthorized | Missing or expired session token | {"success":false,"message":"Session expired…","loginUrl":"…"} | Re-login and retry |
| 403 Forbidden | Insufficient role (e.g. Admin required) | {"success":false,"message":"Admin role required"} | Use an account with Admin role |
| 404 Not Found | Resource not found | {"success":false,"message":"Record not found"} | Verify the request parameters |
| 500 Server Error | Unexpected server error | {"success":false,"error":"…","message":"…"} | Contact support with the error details |
Standard Error Response Structure
```json
{
  "success": false,
  "status": 401,
  "error": "Unauthorized",
  "message": "Session expired. Please login again.",
  "loginUrl": "http://server/api/auth/login",
  "timestamp": "2026-03-19 10:30:00"
}
```
Ready-to-use client libraries are available for common platforms. All clients handle login, session renewal, and automatic re-authentication on 401.
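The login, token header and re-login-on-401 steps from the integration guide, as an added example (this is not one of the Vivekam client libraries). `SessionClient`, `ApiError` and the injectable `send` transport are hypothetical names; the retry is capped at one re-login so a rejected credential or a persistent 401 cannot turn into a login loop.

```python
import json
import urllib.error
import urllib.request

JSON_HEADERS = {"Content-Type": "application/json", "Accept": "application/json"}

class ApiError(Exception):
    """Non-200 response; keeps the JSON error body (success/message/...)."""
    def __init__(self, status, body):
        super().__init__(f"HTTP {status}: {body.get('message', '')}")
        self.status, self.body = status, body

def http_send(method, url, headers, payload=None):
    """Default stdlib transport; returns (status, parsed JSON body)."""
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx also carry a JSON body
        return err.code, json.loads(err.read())

class SessionClient:  # hypothetical name, not a Vivekam library class
    def __init__(self, base_url, username, password, send=http_send):
        self.base, self.creds = base_url.rstrip("/"), (username, password)
        self.send, self.token, self.logins = send, None, 0

    def login(self):
        body = {"username": self.creds[0], "password": self.creds[1]}
        status, reply = self.send("POST", self.base + "/auth/login", JSON_HEADERS, body)
        if status != 200 or "sessionToken" not in reply:
            raise ApiError(status, reply)
        self.token, self.logins = reply["sessionToken"], self.logins + 1

    def request(self, method, path, payload=None):
        if self.token is None:
            self.login()
        for attempt in (1, 2):
            headers = {**JSON_HEADERS, "X-Session-Token": self.token}
            status, reply = self.send(method, self.base + path, headers, payload)
            if status == 401 and attempt == 1:
                self.login()  # expired session: re-login once, then retry
                continue
            if status != 200:  # second 401, 403, 404, 500: surface, never loop
                raise ApiError(status, reply)
            return reply
```

The base URLs listed on this page are plain `http://`, so the login body and the `X-Session-Token` header cross the network unencrypted unless the deployment adds TLS or a VPN in front of the API.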