User API
Retrieve comprehensive user account details and profile information for authenticated users, enabling personalized trading experiences and account management capabilities.
Overview
The User API provides secure access to user profile data, account settings, and trading permissions. Essential for third-party applications, portfolio management platforms, and custom trading interfaces that require user-specific configuration and personalization.
Key Features
- Account Profile Management: Complete user profile and contact information
- Trading Permissions: Exchange access, order types, and product entitlements
- Bank Account Integration: Linked bank accounts and payment methods
- Security Settings: Authentication preferences and account security status
- Privacy Protection: Sensitive data masking for enhanced security
Endpoint Reference
Get User Details
Retrieve complete user account information and trading permissions.
Endpoint Details
Method: GET
URL: /user/details
Authentication: Required (appID + token)
| Header | Type | Required | Description |
|--------|------|----------|-------------|
| appID | string | ✓ | Your application identifier |
| token | string | ✓ | User authentication token |
Request Example
Curl

    curl --location 'https://edge.arrow.trade/user/details' \
      --header 'appID: <YOUR_APP_ID>' \
      --header 'token: <YOUR_TOKEN>'

JavaScript Example

    const response = await fetch('https://edge.arrow.trade/user/details', {
      method: 'GET',
      headers: {
        'appID': '<YOUR_APP_ID>',
        'token': '<YOUR_TOKEN>'
      }
    });
    const userDetails = await response.json();

Python Example

    import requests

    headers = {
        'appID': '<YOUR_APP_ID>',
        'token': '<YOUR_TOKEN>'
    }
    # Set a timeout so a stalled connection cannot hang the caller indefinitely.
    response = requests.get(
        'https://edge.arrow.trade/user/details',
        headers=headers,
        timeout=10
    )
    user_details = response.json()

Response Schema
Success Response
{
  "data": {
    "accountID": "",
    "address": "",
    "bankDetails": [
      {
        "vpa": "abhishek.jain.22.01@okarrow",
        "bankName": "HDFC Bank",
        "accountType": "BANK_ACCOUNT",
        "accountNumber": "*1234"
      }
    ],
    "blocked": false,
    "city": "",
    "depositoryIDs": {
      "String": "",
      "Valid": false
    },
    "email": "abhishek@gmail.com",
    "exchanges": [
      "NFO"
    ],
    "id": "AJ1234",
    "image": "https://assets.arrow.trade/profiles/b1582d8a-4aac-42ba-aee6-bc5ed2b27c75.jpg",
    "name": "ABHISHEK JAIN",
    "ordersTypes": [
      "LMT",
      "SL-LMT",
      "MKT",
      "SL-MKT",
      "DS"
    ],
    "pan": "*123R",
    "phone": "*1234",
    "products": [
      "NRML",
      "MIS",
      "CNC",
      "CO",
      "BO",
      "MTF"
    ],
    "state": "",
    "totpEnabled": false,
    "userType": "Retail"
  },
  "status": "success"
}
Response Fields
| Field | Type | Description |
|-------|------|-------------|
| id | string | Unique user identifier |
| name | string | Full name of the user |
| email | string | Registered email address |
| phone | string | Phone number (masked for privacy) |
| pan | string | PAN card number (masked for security) |
| image | string | URL to user's profile picture |
| userType | string | Account type (Retail, Pro, Institutional) |
Account Status & Security
| Field | Type | Description |
|-------|------|-------------|
| blocked | boolean | Account blocking status |
| totpEnabled | boolean | Two-factor authentication status |
| accountID | string | Broker account identifier |

| Field | Type | Description |
|-------|------|-------------|
| address | string | Registered address |
| city | string | City of residence |
| state | string | State/province information |

| Field | Type | Description |
|-------|------|-------------|
| bankDetails | array | Array of linked bank accounts |
| depositoryIDs | object | Depository participant information |
Trading Permissions
| Field | Type | Description |
|-------|------|-------------|
| exchanges | array | Authorized trading exchanges |
| ordersTypes | array | Permitted order types |
| products | array | Available trading products |
Bank Details Structure
Bank Account Object
| Field | Type | Description |
|-------|------|-------------|
| accountType | string | Account type (BANK_ACCOUNT, UPI) |
| bankName | string | Name of the bank |
| accountNumber | string | Account number (masked for security) |
| vpa | string | UPI Virtual Payment Address |
Account Types
| Type | Description | Use Case |
|------|-------------|----------|
| BANK_ACCOUNT | Traditional bank account | Fund transfers and settlements |
| UPI | Unified Payments Interface | Quick payments and transfers |
Trading Permissions
Exchange Access
| Exchange | Code | Market Segment |
|----------|------|----------------|
| NSE | NSE | National Stock Exchange - Equity |
| NFO | NFO | NSE Futures & Options |
| BSE | BSE | Bombay Stock Exchange - Equity |
| BFO | BFO | BSE Futures & Options |
| MCX | MCX | Multi Commodity Exchange |
Order Types
| Order Type | Code | Description |
|------------|------|-------------|
| Limit Order | LMT | Execute at specified price or better |
| Market Order | MKT | Execute at best available price |
| Stop Loss Limit | SL-LMT | Limit order triggered at stop price |
| Stop Loss Market | SL-MKT | Market order triggered at stop price |
| Disclosed Size | DS | Iceberg orders with disclosed quantity |
Product Categories
| Product | Code | Description |
|---------|------|-------------|
| Normal | NRML | Standard margin trading |
| Margin Intraday Square-off | MIS | Intraday positions with auto square-off |
| Cash and Carry | CNC | Delivery-based equity trading |
| Cover Order | CO | Orders with mandatory stop-loss |
| Bracket Order | BO | Orders with profit and stop-loss targets |
| Margin Trading Facility | MTF | Leveraged equity positions |
User Types & Privileges
Account Categories
| User Type | Description | Features |
|-----------|-------------|----------|
| Retail | Individual investors | Standard trading features |
| Pro | Professional traders | Advanced tools and higher limits |
| Institutional | Corporate accounts | Institutional-grade features |
Security Features
| Feature | Status | Description |
|---------|--------|-------------|
| TOTP Authentication | totpEnabled: true/false | Two-factor authentication via TOTP |
| Account Blocking | blocked: true/false | Account suspension status |
| Data Masking | Always active | Sensitive information protection |
Privacy & Security
Data Protection
Sensitive Data Handling
The API implements comprehensive privacy protection:
- Phone Numbers: Masked showing only last 4 digits
- PAN Numbers: Masked showing only last character
- Account Numbers: Masked showing only last 4 digits
- Full Address: May be partially masked based on privacy settings
Security Considerations
Best Practices
- Store user data securely with proper encryption
- Implement proper access controls for user information
- Never log or cache sensitive user data
- Respect user privacy preferences and data retention policies
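
One way to apply these practices on the client side, as an added example (not code from the API provider): reduce a /user/details body to an allow-listed view before it reaches a log or cache, and flag any field documented as masked that arrives unmasked. The names safe_view, looks_masked and SAFE_FIELDS, the choice of allow-listed fields, and the sample values are assumptions.

```python
import copy

# Constructed sample in the shape of the success response shown on this page.
SAMPLE = {"status": "success", "data": {
    "id": "AJ1234", "email": "user@example.com", "phone": "*1234",
    "pan": "*123R", "userType": "Retail", "blocked": False,
    "totpEnabled": False, "exchanges": ["NFO"],
    "bankDetails": [{"vpa": "user@okarrow", "bankName": "HDFC Bank",
                     "accountType": "BANK_ACCOUNT", "accountNumber": "*1234"}]}}

# Allow-list (an assumed choice): only these fields may be logged or cached.
SAFE_FIELDS = {"id", "userType", "blocked", "totpEnabled",
               "exchanges", "ordersTypes", "products"}
# Top-level fields the page documents as masked by the API.
MASKED_FIELDS = ("phone", "pan")


def looks_masked(value):
    """Masked values in the sample response start with '*' (e.g. '*1234')."""
    return isinstance(value, str) and (value == "" or value.startswith("*"))


def safe_view(response):
    """Return (view, warnings): a log/cache-safe copy of a /user/details body."""
    data = response.get("data") or {}
    # Unknown or new fields are dropped by default because of the allow-list.
    view = {k: copy.deepcopy(v) for k, v in data.items() if k in SAFE_FIELDS}
    # Warnings name the field only; the offending value is never included.
    warnings = [f"{name} arrived unmasked" for name in MASKED_FIELDS
                if name in data and not looks_masked(data[name])]
    banks = []
    for bank in data.get("bankDetails") or []:
        if not looks_masked(bank.get("accountNumber", "")):
            warnings.append("bankDetails.accountNumber arrived unmasked")
        # Keep only the coarse type; drop VPA, bank name and account number.
        banks.append({"accountType": bank.get("accountType")})
    view["bankDetails"] = banks
    return view, warnings
```
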
Error Handling
Standard HTTP status codes with structured error responses:
{
  "status": "error",
  "message": "User details not found",
  "code": "USER_NOT_FOUND"
}
Common Error Scenarios
- 401 Unauthorized: Invalid or expired authentication token
- 403 Forbidden: Insufficient permissions to access user data
- 404 Not Found: User account does not exist
- 429 Rate Limited: Too many requests, implement throttling
- 500 Server Error: Temporary service unavailability
Rate Limits
| Tier | Requests per minute | Burst limit |
|------|---------------------|-------------|
| Basic | 30 | 5 |
| Premium | 150 | 25 |
| Enterprise | 600 | 100 |
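
A client-side throttle built from the tiers above, as an added example (not code from the API provider), so that requests are paced before the server answers 429. It assumes the burst limit can be treated as token-bucket capacity and the per-minute figure as the refill rate; the page does not say how the server combines the two, and the name Throttle is hypothetical.

```python
import time

# Tier values copied from the Rate Limits table: (requests per minute, burst limit).
TIERS = {"Basic": (30, 5), "Premium": (150, 25), "Enterprise": (600, 100)}


class Throttle:
    """Token bucket: capacity = burst limit, refill = requests per minute / 60."""

    def __init__(self, tier, clock=time.monotonic):
        per_minute, burst = TIERS[tier]
        self.rate = per_minute / 60.0       # tokens added per second
        self.capacity = float(burst)
        self.tokens = float(burst)          # start with a full burst allowance
        self.clock = clock                  # injectable so tests need no sleeping
        self.last = clock()

    def delay(self):
        """Reserve one request; return the seconds to wait before sending it."""
        now = self.clock()
        elapsed = now - self.last
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        self.tokens -= 1.0
        # A negative balance is a reservation: wait until the refill covers it.
        return 0.0 if self.tokens >= 0 else -self.tokens / self.rate


def wait_for_slot(throttle):
    """Block until the next request may be sent (call before each API request)."""
    pause = throttle.delay()
    if pause > 0:
        time.sleep(pause)
    return pause
```

With this model a fresh bucket can send the burst allowance plus the per-minute quota in its first minute; lower the refill rate if the server counts a fixed window.
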
Integration Guidelines
Best Practices
- Cache User Data: Cache user details to reduce API calls (refresh periodically)
- Permission Validation: Always verify user permissions before enabling features
- Privacy Compliance: Handle masked data appropriately in UI displays
- Error Recovery: Implement graceful fallbacks for user data unavailability
- Security: Never expose sensitive user data in logs or client-side code
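
The permission validation guideline above, sketched as an added example (not code from the API provider): check an intended order against the exchanges, ordersTypes, products and blocked fields of a /user/details body, refusing whenever the data is missing or malformed. The function name order_permission_errors and the sample values are assumptions.

```python
# Constructed sample in the shape of the success response shown on this page.
SAMPLE = {"status": "success", "data": {
    "id": "AJ1234", "blocked": False, "totpEnabled": False,
    "exchanges": ["NFO"],
    "ordersTypes": ["LMT", "SL-LMT", "MKT", "SL-MKT", "DS"],
    "products": ["NRML", "MIS", "CNC", "CO", "BO", "MTF"]}}


def order_permission_errors(response, exchange, order_type, product):
    """Return the reasons to refuse an order; an empty list means it may proceed."""
    # Fail closed: an error body or anything unexpected never enables a feature.
    if not isinstance(response, dict) or response.get("status") != "success":
        return ["user details unavailable"]
    data = response.get("data")
    if not isinstance(data, dict):
        return ["user details malformed"]

    errors = []
    # Only an explicit boolean false counts as "not blocked".
    if data.get("blocked") is not False:
        errors.append("account blocked or status unknown")

    checks = (("exchanges", exchange),
              ("ordersTypes", order_type),
              ("products", product))
    for field, wanted in checks:
        allowed = data.get(field)
        # A missing or non-list field grants nothing.
        if not isinstance(allowed, list) or wanted not in allowed:
            errors.append(f"{wanted!r} not in {field}")
    return errors
```
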