Cloudflare blocks API key creation (403) with py_clob_client_v2

[numan0x618]

When attempting to create/derive API L2 keys using py_clob_client_v2, the process fails:

1. Cloudflare 403 block on /auth/api-key (full HTML "Attention Required" page)
2. Then 400 error on /auth/derive-api-key: {"error":"Could not derive api key!"}

The /api/geoblock endpoint works correctly, returning "blocked":false.
Info from https://ipapi.is/:
"is_bogon": false,
"is_mobile": false,
"is_satellite": false,
"is_crawler": false,
"is_datacenter": false,
"is_tor": false,
"is_proxy": false,
"is_vpn": false,
"is_abuser": false
The issue appears to be Cloudflare blocking the /auth/api-key request. Please investigate Cloudflare compatibility in py_clob_client_v2.

Full error log:

[py_clob_client_v2] request error status=403 url=https://clob.polymarket.com/auth/api-key body=<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->
<style>body{margin:0;padding:0}</style>


<!--[if gte IE 10]><!-->
<script>
  if (!navigator.cookieEnabled) {
    window.addEventListener('DOMContentLoaded', function () {
      var cookieEl = document.getElementById('cookie-alert');
      cookieEl.style.display = 'block';
    })
  }
</script>
<!--<![endif]-->

</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
... [Cloudflare HTML content] ...
</body>
</html>

[py_clob_client_v2] request error status=400 url=https://clob.polymarket.com/auth/derive-api-key body={"error":"Could not derive api key!"}

Traceback (most recent call last):
  File "L2.py", line 87, in <module>
    creds = client.create_or_derive_api_key()
  File "py_clob_client_v2\client.py", line 483, in create_or_derive_api_key
    return self.derive_api_key(nonce=nonce)
  File "py_clob_client_v2\client.py", line 469, in derive_api_key
    resp = self._get(f"{self.host}{DERIVE_API_KEY}", headers=headers)
  File "py_clob_client_v2\client.py", line 200, in _get
    return get(endpoint, headers=headers, params=params)
  File "py_clob_client_v2\http_helpers\helpers.py", line 92, in get
    return request(endpoint, GET, headers, data, params)
  File "py_clob_client_v2\http_helpers\helpers.py", line 78, in request
    raise PolyApiException(resp)
py_clob_client_v2.exceptions.PolyApiException: PolyApiException[status_code=400, error_message={'error': 'Could not derive api key!'}]

[mannol]

It's not my intention to spam but I'd like to confirm that this is happening to me too, so likely not an isolated case

[j-z-w]

Experiencing same issue

[lakeswimmer]

i have the exact same symptom
yesterday it worked for 90 minutes for me, since then, nothing helps, nasty "bug" imo :) feels like categorically getting filtered out by non standard cryptographic rules

[lakeswimmer]

the derive_api_key( method is more the problem imo, here cloudflare isnt involved, but still it simply doesnt work i just says "cant derive key" so looks to me not like a cloudflare related issue but more like a polymarket backend issue

[copperhuh]

the issue still persists - even with the header 'User-Agent': 'polymarket-clob-client-v2/1.0.1rc1' that's updated in this PR. The request that have L1 headers still get blocked by cloudflare 403

[Zero-Ace5]

I was able to get the keys via js script using headers but order placement still fails. PM sucks after v2

[DanialartStudio]

The same with TS npm client. Its polymarket API problem, not with client.

[numan0x618]

The same with TS npm client. Its polymarket API problem, not with client.

It looks like the issue isn't with the code, but rather that a system administrator could simply configure Cloudflare to stop protecting this endpoint. Because whether Cloudflare is enabled or not, the result would be the same — it doesn't filter 'bad' requests from 'good' ones. Both could using the same tool. The only question is the geo-location tag.

[reidsneo]

even using clobclient v1 to derive api key, then use clob client v2 to process transaction
it is wont work IF you newly create polymarket account, OR using social media login to create account, the balance will fetched as 0 see this Polymarket/polymarket-cli#14

[numan0x618]

case closed probably

[Zero-Ace5]

case closed probably

Actually no. Existing wallet that were created before 29th are working again. Wallets created after that or ones using Metamask Login are still broken. Simple Reason: The Polymarket team forgot to consider how funds will be available on Signature 3 without a proper deposit way