Security

Security and broker session safeguards

ATM Straddle Bot is designed to work with Dhan trading APIs while reducing the risk of stale sessions, accidental live activation, and hidden background polling.

  • Google sign-in is used for dashboard access control.
  • Dhan API access tokens are stored in encrypted form before broker connection.
  • Live orders are blocked unless static IP readiness checks pass.
  • Broker sessions auto-disconnect after dashboard inactivity so stale tabs do not continue polling Dhan.
  • Paper mode is available for testing before live trading is enabled.

When the dashboard becomes inactive for too long, the backend disconnects the broker session automatically. This helps prevent abandoned tabs from continuing to poll market data and exhausting Dhan API limits.
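The idle auto-disconnect described above can be sketched as a heartbeat-tracked session registry. This is an added example, not ATM Straddle Bot's own code: the class and method names, the 300-second timeout, and the poll stand-in are all assumptions, and no real Dhan API call is made.

```python
# Added illustration; names and the timeout are assumptions, not the bot's code.
import time
from dataclasses import dataclass

IDLE_TIMEOUT_S = 300  # assumed value; the page does not state the real limit

@dataclass
class BrokerSession:
    user_id: str
    last_seen: float            # monotonic time of last dashboard heartbeat
    connected: bool = True
    polls_sent: int = 0

class SessionRegistry:
    def __init__(self, timeout_s=IDLE_TIMEOUT_S, clock=time.monotonic):
        self._sessions = {}
        self._timeout = timeout_s
        self._clock = clock     # injectable so the logic can be tested offline

    def connect(self, user_id):
        self._sessions[user_id] = BrokerSession(user_id, self._clock())
        return self._sessions[user_id]

    def heartbeat(self, user_id):
        """Called on dashboard activity. Never revives a disconnected session."""
        s = self._sessions.get(user_id)
        if s is None or not s.connected:
            return False        # user must reconnect explicitly
        s.last_seen = self._clock()
        return True

    def reap_idle(self):
        """Disconnect sessions whose dashboard has been silent too long."""
        now = self._clock()
        reaped = []
        for s in self._sessions.values():
            if s.connected and now - s.last_seen > self._timeout:
                s.connected = False
                reaped.append(s.user_id)
        return reaped

    def poll_market_data(self, user_id):
        """Poll only for connected sessions; idleness is re-checked at use time."""
        self.reap_idle()
        s = self._sessions.get(user_id)
        if s is None or not s.connected:
            return False        # no request goes to the broker API
        s.polls_sent += 1       # stand-in for the real broker call
        return True
```

Checking idleness inside `poll_market_data` as well as in a periodic reaper means a stale tab cannot trigger a broker request in the gap between reaper runs.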

Users should generate Dhan API tokens from Dhan's own API section. This app is not intended to request your Dhan account password inside the broker connection form.

If you discover a security concern or believe access was granted incorrectly, contact the operator who provided your onboarding access to this deployment so the issue can be reviewed quickly.