Setting up a CLOB client with signature_type=2 and a Polymarket Deposit Wallet / proxy funder. EOA signer is registered and proxy holds collateral (~$3.98 USDC).
Steps
- Constructed
ClobClient(host, chain_id=137, key=PK) — L1 only.
- Called
create_or_derive_api_key() — succeeds and returns a valid ApiCreds. The initial create_api_key request returns 400 {"error":"Could not create api key"}, then falls back to derive_api_key which succeeds, suggesting credentials already exist server-side for this EOA.
- Reconstructed the client with those creds plus the EOA key,
signature_type=2, and the proxy funder address.
- Every L2 call returns
401 {"error":"Unauthorized/Invalid api key"}. Confirmed on:
GET /balance-allowance?signature_type=2&asset_type=COLLATERALget_api_keys() (no funder/proxy context, pure HMAC L2)
Verified
- Signer address derived from PK matches the EOA registered with the Polymarket account.
- System clock offset < 1s (NTP synced against time.apple.com).
- HMAC implementation in
signing/hmac.py matches the documented Polymarket reference (URL-safe b64 decode of secret, timestamp + method + path + body with single→double quote replacement on body, HMAC-SHA256, URL-safe b64 encode).
- Same 401 also occurred with API keys generated via the Polymarket Builder Codes UI before switching to SDK-derived credentials.
- L1 auth works (the
derive_api_key EIP-712 call succeeds).
Environment
py_clob_client_v2==1.0.0- Python 3.10.20 on macOS
- Chain ID 137 (Polygon mainnet)
The pattern — L1 works, every L2 call 401s with credentials the server itself just issued, HMAC correct, clock synced — looks like a server-side / account-provisioning issue rather than a client bug, but I'd appreciate any pointers. Possibly related to the recent Deposit Wallets rollout?
Setting up a CLOB client with
signature_type=2and a Polymarket Deposit Wallet / proxy funder. EOA signer is registered and proxy holds collateral (~$3.98 USDC).Steps
ClobClient(host, chain_id=137, key=PK)— L1 only.create_or_derive_api_key()— succeeds and returns a validApiCreds. The initialcreate_api_keyrequest returns400 {"error":"Could not create api key"}, then falls back toderive_api_keywhich succeeds, suggesting credentials already exist server-side for this EOA.signature_type=2, and the proxy funder address.401 {"error":"Unauthorized/Invalid api key"}. Confirmed on:GET /balance-allowance?signature_type=2&asset_type=COLLATERALget_api_keys()(no funder/proxy context, pure HMAC L2)Verified
signing/hmac.pymatches the documented Polymarket reference (URL-safe b64 decode of secret,timestamp + method + path + bodywith single→double quote replacement on body, HMAC-SHA256, URL-safe b64 encode).derive_api_keyEIP-712 call succeeds).Environment
py_clob_client_v2==1.0.0The pattern — L1 works, every L2 call 401s with credentials the server itself just issued, HMAC correct, clock synced — looks like a server-side / account-provisioning issue rather than a client bug, but I'd appreciate any pointers. Possibly related to the recent Deposit Wallets rollout?