All signing can be handled directly by the client libraries.
This information is for advanced users who are NOT using our Python or TypeScript clients. Our provided clients handle signing and authentication for you.
L1: Private Key Authentication
The highest level of authentication is via an account’s Polygon private key. The private key remains in control of a user’s funds and all trading is non-custodial.
The operator never has control over users’ funds. Private key authentication is required for:
- Placing an order (for signing the order)
- Creating or revoking API keys
L1 Header
Header | Required? | Description |
---|---|---|
POLY_ADDRESS | yes | Polygon address |
POLY_SIGNATURE | yes | CLOB EIP-712 signature |
POLY_TIMESTAMP | yes | Current UNIX timestamp |
POLY_NONCE | yes | Nonce. Default 0 |
POLY_SIGNATURE is generated by signing the following EIP-712 struct.
Implementations exist in:
Signing Example
L2: API Key Authentication
The next level of authentication consists of the API key, secret, and passphrase. These are used solely to authenticate API requests made to Polymarket’s CLOB, such as posting/canceling orders or retrieving an account’s orders and fills. When a user on-boards via:
An API credential includes:
- key: UUID identifying the credentials
- secret: Secret string used to generate HMACs (not sent with requests)
- passphrase: Secret string sent with each request, used to encrypt/decrypt the secret (never stored)
L2 Header
Header | Required? | Description |
---|---|---|
POLY_ADDRESS | yes | Polygon address |
POLY_SIGNATURE | yes | HMAC signature for request |
POLY_TIMESTAMP | yes | Current UNIX timestamp |
POLY_API_KEY | yes | Polymarket API key |
POLY_PASSPHRASE | yes | Polymarket API key passphrase |
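The L2 headers in the table above, built and then checked on the receiving side, as an added example that is not Polymarket's own code. The signed message layout (timestamp + method + path + body), HMAC-SHA256, the URL-safe base64 encoding of the secret and signature, the 30-second skew window, and the `/example-path` path are assumptions not stated on this page.

```python
import base64
import hashlib
import hmac
import time

# Assumed signing layout (not stated on this page): HMAC-SHA256 over
# timestamp + METHOD + path + body, keyed with the base64url-decoded secret.
def sign_request(secret_b64, timestamp, method, path, body=""):
    key = base64.urlsafe_b64decode(secret_b64)
    message = f"{timestamp}{method.upper()}{path}{body}".encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii")

def build_l2_headers(address, api_key, secret_b64, passphrase,
                     method, path, body="", now=None):
    """Return the five L2 headers for one request; the secret is never sent."""
    timestamp = str(int(time.time() if now is None else now))
    return {
        "POLY_ADDRESS": address,
        "POLY_SIGNATURE": sign_request(secret_b64, timestamp, method, path, body),
        "POLY_TIMESTAMP": timestamp,
        "POLY_API_KEY": api_key,
        "POLY_PASSPHRASE": passphrase,
    }

def verify_l2_headers(headers, secret_b64, method, path, body="",
                      now=None, max_skew=30):
    """Receiver-side check: fresh timestamp, then constant-time HMAC compare."""
    try:
        sent_at = int(headers["POLY_TIMESTAMP"])
        presented = headers["POLY_SIGNATURE"]
    except (KeyError, TypeError, ValueError):
        return False
    current = int(time.time() if now is None else now)
    if abs(current - sent_at) > max_skew:  # stale or future-dated: replay risk
        return False
    expected = sign_request(secret_b64, sent_at, method, path, body)
    return hmac.compare_digest(expected.encode(), presented.encode())

if __name__ == "__main__":
    # Constructed sample credentials and a hypothetical path, not real values.
    secret = base64.urlsafe_b64encode(b"constructed-demo-secret").decode()
    h = build_l2_headers("0xADDRESS_PLACEHOLDER", "00000000-0000-0000-0000-000000000000",
                         secret, "demo-passphrase", "GET", "/example-path")
    print(h, verify_l2_headers(h, secret, "GET", "/example-path"))
```

Because the timestamp, method, path and body are all covered by the HMAC, changing any of them after signing invalidates POLY_SIGNATURE, and the skew window bounds how long a captured request stays replayable.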
API Key Operations
Create API Key
This endpoint requires an L1 Header.
Derive API Key
This endpoint requires an L1 Header.
Get API Keys
This endpoint requires an L2 Header.
Delete API Key
This endpoint requires an L2 Header.
Access Status
Check the value of cert_required by signer address.
HTTP Request:
Get Closed Only Mode Status
This endpoint requires an L2 Header.