A session token is a 'key' which authorizes an active login session. You will need to input Session Token in all your API calls in the webportal. Here's how you can generate one-
Login to your WSO2 API Webportal
Scroll down to the bottom and make Rows per page = 100
Search for Sessions-API and click on Try Out in the left panel
Enter your Access Token/Authorisation: Bearer
Click on /session/login/userid function (4th from top) and click on Try it out on the right
Enter your Consumer Key and dummy variables for AppID and IP
Enter your Kotak Securities trading account userID and Password in Request Body
Click on Execute. Upon successful execution, you will see oneTimeToken
Now, click on POST /session/2FA/accesscode (4th from bottom) and click on Try it out
Enter your oneTimeToken generated in step (8), Consumer Key, dummy variables for appID and IP.
In Request Body, enter your User ID and Access Code (don't confuse it with Access Token. Access code is the one you receive via SMS on the website)
Click on Execute to obtain the Session Token.
Use this Session Token in all your subsequent API calls.
Click here to check the end to end process.