Using a checkout bot on an Indian Shopify retailer is a breach of contract (the store's TOS) and in most cases a TOS-level breach of Razorpay's merchant agreement too. It's almost never a criminal matter under the IT Act 2000 or the Bharatiya Nyaya Sanhita, unless the bot involves fake identity, stolen cards, or denial-of-service-level traffic. Retailers can and do void orders, ban accounts, and blacklist addresses.
What the IT Act 2000 actually says
Most "are bots illegal in India" articles lean on the IT Act 2000 — specifically Sections 43 (unauthorised access), 66 (computer-related offences), and 66C (identity theft). None of them were written with sneaker checkout in mind, and reading them carefully reveals why a bot author in India is rarely in criminal jeopardy:
- Section 43(a) criminalises accessing a "computer, computer system or computer network … without permission of the owner." A public product page that returns 200 OK to any HTTP request is, by operation of the retailer's own infrastructure, granting permission to fetch. TOS "you may not use automated means" is a contractual restriction, not a revocation of HTTP access. Indian courts have not, to our reading, treated a TOS-banned automated request as "without permission" in the Section 43 sense.
- Section 66C (identity theft) kicks in if the bot uses someone else's identity, password or credit card. A bot using your own credentials and your own card doesn't touch this section.
- Section 43(e) (causing disruption) could in principle cover a bot that hammers a site so hard it crashes. At the volumes a typical consumer AIO bot hits, this is very unlikely to rise to the threshold Indian courts have applied.
Takeaway: if you're using a paid bot (AIO, Balko, equivalent), on your own account, with your own card, against a public Shopify storefront — criminal liability under the IT Act is not where your risk lives.
Where the civil risk lives
The bigger exposure is contract law. Every Indian retailer we've checked — Superkicks, Crepdog Crew, Limited Edt, Mainstreet — has a TOS section that reads, approximately, "you may not use automated systems, scripts, bots, or scrapers to access the Site." That language matters because:
- It gives the retailer a clean right to void your order. Section 74 of the Indian Contract Act lets them refuse performance when the contract's formation involved a breach of stated terms.
- It gives them a right to ban your account, your email address, your shipping address, and (via Razorpay's chargeback rules) flag your card. The last of these matters: a chargeback-risk flag on your card bleeds into other merchants.
- In a worst case, they can pursue damages for the disrupted drop. That's never been done, to our knowledge, by an Indian sneaker retailer against an Indian buyer. It's not impossible.
The Consumer Protection (E-Commerce) Rules, 2020
This is the piece that most bot-legality articles miss. The CPER 2020 imposes obligations on e-commerce platforms around fair trade practices, accurate pricing, and non-discriminatory treatment of consumers. It's a platform obligation, not a buyer obligation — but it's relevant because a retailer enforcing a bot ban is explicitly allowed to under CPER Rule 6(4), which lets platforms "establish reasonable grievance redressal mechanisms" and policy enforcement. In other words: retailers have CPER cover for voiding a bot-placed order; there's no consumer-rights argument that gets the order restored.
Razorpay's merchant agreement
A detail worth knowing: the Razorpay merchant terms prohibit "transactions effected through automated scripts or fraudulent means." When an Indian retailer files a chargeback-exception request against a bot order, Razorpay's enforcement response is typically to credit the retailer and flag the card. This doesn't make the bot transaction illegal — it makes it expensive and reputation-damaging for the buyer.
The Bharatiya Nyaya Sanhita angle
BNS 2023 Section 318 (cheating) and Section 319 (impersonation) can apply if the bot uses fabricated identities or stolen payment instruments. On a bot that uses your own name, your own card, your own address — these sections don't reach.
What actually happens to people who use bots in India
Anecdotally, and from conversations with retail staff at two of the four main Indian stores:
- First offence, detected at checkout: order cancelled, refund issued, account warned.
- Second or multi-account pattern: account banned, shipping address flagged (future orders to that address auto-cancel), sometimes card-fingerprint blacklisted.
- Tens or hundreds of accounts on one bot setup: retailer escalates to Razorpay and requests a merchant-side chargeback on all relevant transactions. In serious cases, retailer files a civil complaint; we haven't seen this result in actual litigation yet, but the threat letter alone is enough to end the behaviour.
The ethical piece
Leaving law aside for a second: the Indian sneaker market is small. The allocation Nike, adidas and ASICS give each Indian retailer is already thin. Every bot-captured pair is one fewer genuine customer, which is one less reason for the brand to allocate next time. If the hobby disappears because the drops disappear, we did it to ourselves.
If the answer to "should I run a bot?" is "I would if it were legal", the honest second question is: "is the market better or worse off if everyone who thinks that runs one?" The answer is worse, and visibly so.
There is a legal way to get ahead of drops
KicksIndia emails you the moment a pair lands in your size at any of the four main Indian retailers. No scripts, no automation on your end — just a faster notification than Instagram. See how it works.
FAQ
Is scraping a product catalog illegal?
This is different from bot-checkout. Scraping public product data — names, prices, images, availability — is generally not a criminal matter under Indian law, especially when done at a low rate and from a single IP. The civil question is whether the retailer's TOS permits it. KicksIndia does this, at a low rate, without carting, checkout or account creation. It's the part of the TOS that says "no automated scripts shall be used to place orders or create accounts" we care about, and we don't do either.
What about SNKRS India?
Nike's terms globally prohibit bots and enforce aggressively, including at the IP level. Every Indian SNKRS raffle result we've seen has had bot-flagged entries disqualified without notification. Don't.
If I'm using a "cook group" that runs bots for me, am I liable?
Contractually yes — you accepted the TOS when you bought from the retailer, regardless of whether the bot was your code. If the order is voided, it's your order that gets voided, your refund that's processed, your address that gets flagged.