Skip to content

[fix] Unauthorized error #173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cullenwatson wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[fix] Unauthorized error #173

cullenwatson wants to merge 2 commits into from
+2 −1

Conversation

@cullenwatson
Copy link

@cullenwatson cullenwatson commented Nov 20, 2025
edited by cursor bot
Loading

Fixes "Unauthorized/Invalid api key" error

Note

Serialize the request body with compact JSON when building HMAC signatures to ensure cross-language consistency and prevent auth errors.

  • Signing:
    • Use json.dumps(..., separators=(",", ":")) to serialize body in build_hmac_signature, ensuring a canonical HMAC message across languages.

Written by Cursor Bugbot for commit b478b46. This will update automatically on new commits. Configure here.

@cullenwatson cullenwatson requested a review from a team as a code owner November 20, 2025 12:11
@cullenwatson cullenwatson changed the title fix: hmac [fix] Unauthorized error Nov 20, 2025
@starling114
Copy link

starling114 commented Nov 20, 2025

@cullenwatson Thanks for this fix, I can confirm that it works. Post order doesn't throw unauthenticated errors anymore

@starling114
Copy link

starling114 commented Nov 20, 2025

@fednerpolymarket @JonathanAmenechi Could you please guys check this PR? It does fixes an issue with post_order throwing Unauthorized/Invalid api key

@felix5572
Copy link

felix5572 commented Nov 21, 2025

same issue. @cullenwatson

and Remember to import json

@noahverner1995
Copy link

noahverner1995 commented Nov 21, 2025

OH MY GOD THANK YOU SO MUCH FOR THIS WELL NEEDED PR @cullenwatson DEV.

Basically the Python client was doing

# from hmac.py file
if body:
    # old behavior
    message += str(body).replace("'", '"')

So the HMAC was computed over a non-canonical string representation of the body ("{'price': '0.3', 'size': 5}" style), which doesn’t match the canonical JSON used by the Go/TS servers. Result: the server thinks the signature is wrong and replies with:

{"error":"Unauthorized/Invalid api key"}

By changing hmac.py file with these few lines

import json
if body:
    message += json.dumps(body, separators=(",", ":"))

The server gets what it expects

I can confirmed it worked after modifying it. I'm no longer getting this API Exception when placing trades:

[order] PolyApiException: PolyApiException[status_code=401, error_message={'error': 'Unauthorized/Invalid api key'}]

@lightyLi
Copy link

lightyLi commented Nov 22, 2025

Some issue, it works for me. Thanks

@fednerpolymarket
Copy link
Contributor

fednerpolymarket commented Nov 22, 2025

Going to test this today

@fednerpolymarket
Copy link
Contributor

fednerpolymarket commented Nov 22, 2025

Thanks we'll get this merged

@cullenwatson
Copy link
Author

cullenwatson commented Nov 24, 2025

i wouldnt merge yet actually, trying now and it breaks other orders. interesting..

@fednerpolymarket
Copy link
Contributor

fednerpolymarket commented Nov 24, 2025

i wouldnt merge yet actually, trying now and it breaks other orders. interesting..

Hey, it'd be great to know which ones broke for you. And alright I'll add some more unit testing to see if I can find your issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@starling114 starling114 starling114 approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@cullenwatson @starling114 @felix5572 @noahverner1995 @lightyLi @fednerpolymarket