Enter the Zerodha API key and secret for the app you registered in your own developer console. The broker password is entered on Zerodha, not in this app.
The webserver only uses these inputs long enough to complete the OAuth handshake. If the registered redirect URL does not match the callback above, the flow stops before leaving this page.
Zerodha requires the registered redirect URL to be HTTPS. A raw `http://192.168...` URL will be rejected. Use an HTTPS origin such as a local reverse proxy or a public TLS endpoint, then append `/api/auth/callback`.