Static IP &Server Hosting
Everything you need to know about SEBI's static IP compliance, deploying OpenAlgo on your own server, and securing your trading infrastructure.
What is Static IP Compliance?
SEBI requires all retail algo traders to route orders through a fixed IP address.
From 1st April 2026, every retail algo trader using broker APIs must ensure their orders originate from a whitelisted static IP address. This applies to anyone managing their own strategies, bots, or trading infrastructure.
Key Rules
Transactional APIs
Placing, modifying, cancelling orders, basket orders, split orders. Static IP mandatory.
Non-Transactional APIs
Market data, funds, order book, positions, holdings. Rules vary by broker. Some require static IP, some don't.
Who is a "Tech-Savvy Trader"?
SEBI classifies retail algo traders who manage their own infrastructure as "tech-savvy investors." This applies to you if:
As long as your orders stay under 10 per second, you don't need exchange registration. Beyond that threshold, you need to register with the exchange and get an algo ID assigned. Most brokers handle the algo ID assignment on your behalf.
How Broker Whitelisting Works
When creating API keys in your broker's developer portal, you attach your static IP. The broker only accepts orders arriving from that IP. Each broker's interface is slightly different, but the concept is the same: API key + API secret + whitelisted IP.
Most brokers allow only one API key with a primary and secondary IP slot. Only a few selected brokers allow multiple API key generation at their developer portal, but even then, only primary and secondary IPs are supported. Once set, you can only change your static IP after one week. Plan your infrastructure carefully before whitelisting.
Avoid dynamic IPs. Your home internet likely uses a dynamic IP that changes without notice. It may work temporarily, but you never know when it will change. A single IP change means your orders get rejected by the broker until you update and wait a week. Talk to your ISP and get a static IP, or switch to an ISP that supports static IP. Using a VPS server is the most reliable option as static IPs are included by default.
Watch the Full Setup Guide
A complete walkthrough covering static IP compliance, server deployment, Cloudflare setup, and OpenAlgo installation on Ubuntu.
Ways to Get a Static IP
Three approaches depending on your setup and budget.
VPS / Cloud Server
Deploy a server with a VPS provider. Static IP included by default. Best for reliability and 24/7 uptime.
- Static IP included free
- 24/7 uptime
- Mumbai datacenter options
- Starting from ~₹500/month
Home ISP
Request a static IP from your internet service provider (Jio, Airtel, ACT, Tata, etc). Good if you run OpenAlgo on your desktop.
- Contact your ISP
- Monthly fee varies
- Run on desktop/laptop
- No server management needed
Cloud Hyperscalers
AWS, Google Cloud, Azure, Oracle. More powerful but static IP may be charged separately.
- Free tier available
- Static IP charged extra
- Enterprise grade infra
- More complex setup
Check your current IP: Visit openalgo.in/ip to see your current IP address. If it changes frequently, you need a static IP.
Choosing a Server
Shared vs Dedicated CPU, pricing, and what to look for.
Shared CPU
Like a shared apartment. Resources are split between multiple users. Cheaper but performance varies.
Dedicated CPU
Like your own private villa. Resources are exclusively yours. Faster and more consistent performance.
VPS Providers
Vultr
Hourly billing, Mumbai datacenter available
DigitalOcean
Droplets, good documentation
Contabo
Very cheap, shared CPU
Hostinger
Budget friendly, monthly billing
Linode
Reliable, developer friendly
OVH
European provider, good pricing
Cloud Hyperscalers
Amazon AWS
~$3.60/monthUse Elastic IP for static IPv4.
Charged at $0.005/hr whether attached or not. First Elastic IP on a running instance was previously free but now incurs charges.
Google Cloud
~$3.65/monthReserve an External Static IP via VPC Network.
Charged at $0.005/hr when attached to a running VM. Unused reserved IPs cost $0.01/hr (~$7.30/month).
Microsoft Azure
~$3.72/monthUse a Static Public IP address resource.
Standard SKU at $0.005/hr. Charged regardless of whether the resource is active or not.
Oracle Cloud
FreeUse a Reserved Public IP.
Reserved public IPs are free. Always-free tier includes 1 reserved public IP + free ARM VM shapes.
Firewall Configuration for Hyperscalers
If you are using a hyperscaler, you must configure ingress firewall rules to allow traffic on ports 80 and 443. Port 80 is required initially for Let's Encrypt SSL certificate verification. Port 443 provides HTTPS access for your custom domain (e.g., https://algo.yourdomain.com). Without opening these ports, your OpenAlgo instance will not be accessible.
Each provider uses a different name for this, but the concept is the same:
Also ensure server level hardening is in place to prevent basic attacks. Disable unused ports, restrict SSH access, and keep your OS packages updated.
Recommendation: For OpenAlgo, 2 GB RAM is the minimum. 4 GB is comfortable for daily use. Use 1 vCPU (2 vCPU if multitasking). Always choose a Mumbai datacenter for lowest latency to Indian exchanges. Ensure you get an IPv4 address as brokers don't support IPv6 whitelisting yet.
Setup Guide
From zero to a running OpenAlgo instance on your own server.
Purchase a domain from any registrar. Common options: GoDaddy, BigRock, Namecheap, Hostinger. A .in or .com domain typically costs ₹700 to ₹900 per year.
Example: myalgotrading.in, myalgo.com, or use a subdomain like algo.yourdomain.in
Register a free Cloudflare account and add your domain. Point your domain registrar's nameservers to Cloudflare. This gives you DNS management, free SSL, and security protection.
Why Cloudflare? Without it, your server IP is exposed publicly. Cloudflare acts as a shield. 95% of bot attacks are blocked. Your real server IP stays hidden.
Spin up a server with your chosen provider. Select Ubuntu (latest version), choose a Mumbai location, and pick your plan.
OS
Ubuntu 24/25 (latest)
Location
Mumbai (closest to exchange)
IP Version
IPv4 (mandatory for brokers)
Once deployed, you'll receive a public IPv4 address and a root password. Go back to Cloudflare and update your A record with this IP.
Go to your broker's developer portal and create or edit your API app. Attach your server's static IP as the primary IP.
Each broker is different: Some brokers have a separate IP whitelisting section in their developer portal. Others require IP attachment during API app creation itself. Check your specific broker's developer documentation for the exact steps.
SSH into your server and run the installation script:
# Connect to your server
ssh root@your-server-ip
# Download and run the installer
mkdir openalgo-install && cd openalgo-install && curl -O https://raw.githubusercontent.com/marketcalls/openalgo/main/installation/install.sh && chmod +x install.sh
sudo ./install.sh
The script will ask for your domain, broker name, API key, and API secret. It handles everything else automatically:
Multiple accounts? Use install/install-multi.sh instead to run multiple OpenAlgo instances on one server. Ensure all accounts belong to you or your family as per SEBI guidelines.
Open your domain (e.g., myalgo.yourdomain.in) in a browser. Register your account immediately (first user becomes admin). Connect your broker and verify the master contract downloads.
# Check if OpenAlgo is running
sudo systemctl status openalgo-myalgo-yourdomain-in
Server Architecture
What gets installed and how the pieces fit together.
Your Browser
HTTPS via Cloudflare
Cloudflare
DNS, SSL, DDoS protection
Nginx
Reverse proxy on your server
OpenAlgo
Running via systemd (24/7)
Broker API
Orders from your static IP
UFW Firewall
Only ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) are open. Everything else is blocked.
Nginx
Reverse proxy that routes browser requests to OpenAlgo. Handles SSL termination.
Let's Encrypt
Free SSL certificate. Auto-renewed. Provides HTTPS encryption end to end.
Systemd Service
Keeps OpenAlgo running 24/7. Auto-restarts on crashes. Manages logs.
Signal Routing: Where Do Orders Come From?
Even if your strategies run from home (Amibroker, Python, TradingView), the signals are sent to your server. OpenAlgo on the server processes them and places orders. The broker only sees your server's static IP, not your home IP.
Your Home/Office
Strategies & signals
Your Server
OpenAlgo + Static IP
Broker
Sees only server IP
Upgrading & Maintenance
How to keep your OpenAlgo instance up to date on the server.
Upgrade Steps
# 1. Pull latest changes
cd /path/to/openalgo && git pull
# 2. Run database migration (if any DB changes)
cd upgrade && uv run migrate_all.py
# 3. Restart services
sudo systemctl restart openalgo-your-service-name
sudo systemctl restart nginx
Note: Upgrades overwrite core OpenAlgo files. Your custom strategies inside the strategies folder are preserved. If your .env file gets replaced, restore your API key, API secret, and redirect URL from your backup.
Useful Server Commands
sudo systemctl status openalgo-*Check if OpenAlgo is runningsudo systemctl restart openalgo-*Restart OpenAlgo servicesudo ufw statusView firewall ruleshtopLive system monitor (CPU, RAM usage)df -hCheck disk spacefree -mCheck memory usagenprocCheck number of CPU coresPro tip: If your SSH session disconnects after being idle, use ssh -o ServerAliveInterval=60 root@your-ip to keep the connection alive.
Security Best Practices
Protecting your trading infrastructure.
Always use Cloudflare
Never expose your server IP directly. Cloudflare hides your real IP. Even a ping to your domain only reveals Cloudflare's IP. This blocks 95% of bot attacks.
Keep the firewall tight
Only open ports you need (22, 80, 443). The installation script configures this by default. Don't add extra ports unless absolutely necessary.
SSL/TLS Full Strict mode
In Cloudflare, set SSL mode to Full (Strict). This encrypts traffic from browser to Cloudflare and from Cloudflare to your server. End to end protection.
Security headers enabled
OpenAlgo's Nginx config includes security headers by default. You can verify at securityheaders.com. OpenAlgo scores A or A+ grade.
Enable automatic backups
Most VPS providers offer auto-backup for a small fee. If your server crashes, you can restore everything including databases and trading logs.
Register immediately after setup
OpenAlgo is single-user. The first person to register becomes admin. Register right after installation to secure your instance.
Understanding Latency
How fast do orders travel from your server to the exchange?
The Order Journey
When you place an order, it travels through several hops. Each hop adds latency. Here's what a typical end to end journey looks like on a dedicated server in Mumbai:
Your Home (Bangalore) → Your Server (Mumbai)
Internet hop
OpenAlgo Processing
Symbol lookup, validation, caching
Server → Broker API
Varies by broker
Broker OMS → Exchange
Broker's internal checks (130+ validations)
Typical End to End Latency
100 to 200ms
Dedicated CPU (recommended)
300 to 600ms
Shared CPU (budget option)
Measure it yourself: OpenAlgo has a built-in latency dashboard under Logs → Latency. It measures the time from your server to the broker API for every order, including OpenAlgo's processing overhead.
Does Cloudflare Add Latency to Orders?
No. This is a common misconception. Cloudflare only sits between your browser and the server (for accessing the web dashboard). Your trading orders go directly from OpenAlgo on the server to the broker API. Cloudflare is not in that path at all.
Even if Cloudflare has an outage, your strategies keep running and orders keep firing. You just won't be able to access the OpenAlgo web dashboard until Cloudflare recovers.
Live Mode vs Analyzer Mode Latency
Live Mode
Orders go directly to the broker. No LTP checks, no local database writes. Fastest possible execution.
40 to 150ms
Analyzer Mode
Fetches LTP, checks bid/ask, writes to local SQLite database. More overhead but safe for testing.
200 to 400ms
Always test strategies in Analyzer mode first. Once validated, flip to Live mode for production execution. The latency difference exists because Analyzer mode simulates execution locally while Live mode hits the broker directly.
Running on Desktop?
You don't need a server. Here's how static IP works from your home.
If you run OpenAlgo on your desktop or laptop, you need a static IP from your ISP (Internet Service Provider). Your ISP provides you a public facing IP that your broker sees when orders are placed. By default, this IP is dynamic (changes periodically). A static IP ensures it never changes.
Contact your ISP
Call Jio, Airtel, ACT, Tata, BSNL, etc. Ask for a static IP. Most charge a small monthly fee.
Whitelist at broker
Enter your static IP in the broker's developer portal, same as the server method.
Use localhost for OpenAlgo
Your redirect URL stays as 127.0.0.1:5000. Only the order-originating IP matters to the broker.
Setup a firewall
A static IP makes your machine discoverable. Install a firewall (Windows Firewall, UFW on Linux, or pf on Mac) to block all incoming traffic except what you explicitly allow. This guards against external security attacks, port scans, and unauthorized access.
Important: Running on desktop means OpenAlgo is only available when your computer is on. If you shut down or your internet drops, strategies stop. For 24/7 reliability, a VPS server is recommended.
Multiple Broker Accounts
OpenAlgo is single-user: one instance connects to one broker. To run multiple accounts (your own accounts across different brokers, or family accounts), use the multi-instance installer:
sudo ./install/install-multi.sh
This runs multiple OpenAlgo instances on the same server with the same static IP. Each instance gets its own subdomain, systemd service, and database. Ensure all accounts belong to you or your family as per SEBI guidelines.
Static IP Family Sharing
This applies if you are hosting multiple OpenAlgo instances for family accounts on a single static IP. By default, each static IP can only be assigned to one trading account at a time. If you run OpenAlgo for your own account and your family member's account from the same server or home network, you need to request the broker to allow the same static IP across both accounts. This is called Static IP Family Sharing.
Who is Eligible?
Not eligible: Siblings, cousins, in-laws, and all other relationships are not covered under this facility as per the SEBI circular (SEBI/HO/MIRSD/MIRSD-PoD1/P/CIR/2024/169 dated December 03, 2024). Only Spouse, Parent, and Child (adult) relationships are permitted.
Typical Process
Different brokers have different processes for family IP sharing. The general steps are:
Submit a formal request
Send an email or fill a form with your broker's API support team requesting static IP registration and family sharing activation.
Provide account details
Include your client ID, registered name, email, mobile, and your family member's client ID, name, email, and relationship.
Provide IP details
Include your primary static IP address and secondary IP (optional). The same IP set will be shared across both accounts.
Family member confirms consent
Your family member must independently confirm consent, typically by replying from their own registered email address.
Broker verifies and activates
The broker verifies both requests and activates the IP mapping, usually within 1 business day.
Both receive confirmation
Both you and your family member receive confirmation once the shared IP mapping is active.
Before You Begin Checklist
Ensure all of the following are in place before sending your request. Incomplete requests will be returned and will delay activation.
Declaration Requirements
When requesting family sharing, you typically need to declare:
Important: The process varies significantly between brokers. Some brokers handle this via email, some through their developer portal, and some may require additional documentation. If you manage multiple family accounts on the same IP, always check with your specific broker for their exact procedure and approval requirements before setting up.
Static IP Policies & Restrictions to Be Aware Of
Each broker implements static IP policies differently. Stay informed and proactive:
One API key per account (most brokers)
Most brokers allow only one API key creation per account with primary and secondary IP slots. Only a few selected brokers allow multiple API keys, but still with the same IP restrictions.
IP change cooldown period
Once you set your static IP, changes are typically allowed only once per calendar week. Plan your infrastructure migration carefully. A wrong IP means no orders for up to 7 days.
Check broker announcements regularly
Brokers send email announcements about static IP policy changes, new requirements, and deadline extensions. Read these carefully. Policies are evolving and may change without much notice.
Family sharing requires permission
If multiple family members use the same static IP from the same broker, you likely need explicit approval. The process, documentation, and timeline vary by broker.
Cross-broker family accounts
If family members use different brokers, each broker needs to be contacted separately. One broker's approval does not apply to another.
Static IP must match exactly
The IP from which your orders originate must exactly match the whitelisted IP. If your ISP changes your IP (dynamic IP), orders will be silently rejected. There is no fallback or grace period.
Keep records of all approvals
Save all email confirmations, ticket numbers, and approval references. If there is a dispute or audit, these records serve as proof of compliance.
Frequently Asked Questions
Common questions from the community about static IP and hosting.
You can stop the server, but you'll still be billed for the reserved IP, storage, and backups. Only fully deleting the server stops billing entirely, but then you lose your IP and have to reconfigure everything. For most traders, the monthly cost of keeping it running is worth the convenience.
VPS static IPs don't change unless you destroy and recreate the server. If you migrate servers, update the new IP in both Cloudflare (A record) and your broker's developer portal. Brokers allow IP changes once per week.
No. Static IP is only required for API-based algo trading. If you trade manually through your broker's website or mobile app, no static IP is needed.
Not yet. Indian brokers currently only support IPv4 whitelisting. Always ensure your server provides an IPv4 address.
Mumbai datacenters are closest to the NSE/BSE exchange servers. Bangalore and Delhi add 10 to 20ms extra. International locations work but add more latency. For most retail traders, anywhere in India is fine.
Yes. Run Amibroker, Python, or TradingView from home. Signals go to your server's OpenAlgo via the API. OpenAlgo processes and forwards orders to the broker from the server's static IP. The broker only sees the server IP.
Depends on how strategies fetch data. WebSocket-based strategies are lighter. If fetching historical data per strategy, broker rate limits become the bottleneck. Typically 5 to 10 strategies on a standard server.
Your OpenAlgo web dashboard becomes inaccessible, but your server and strategies keep running. Orders continue to fire normally because Cloudflare is only in the browser access path, not the order execution path.
Cost Summary
What to expect for running your own trading server.
Total estimated cost: Starting from approximately ₹1,500 to ₹2,000 per month for a basic setup with domain + VPS. OpenAlgo, Cloudflare, and SSL are all free.
Ready to Deploy?
Follow the documentation for detailed installation instructions.