{
  "status": "<string>",
  "eoa_address": "<string>",
  "safe_address": "<string>",
  "api_key": "<string>"
}

Polymarket Onboarding

Derive Polymarket CLOB credentials

Given your EOA private key, the server hits Polymarket’s auth endpoints to derive (or fetch) your CLOB HMAC credentials, stores them, and returns the public-safe metadata. Run this once per user before your first Polymarket order.

Your private key is used in-memory by the server only to perform the derivation and is not persisted. For maximum trust, you can call derivePolymarketCredentials() from the SDK which is equivalent.

POST

api

polymarket

derive-credentials

{
  "status": "<string>",
  "eoa_address": "<string>",
  "safe_address": "<string>",
  "api_key": "<string>"
}

Authorizations

X-API-Key

string

header

required

Your API key (get one from the test-key endpoint above)

Body

application/json

private_key

string<password>

required

EOA private key, hex without 0x prefix. Used in-memory only; not persisted.

Response

Credentials derived and stored

status

string

required

eoa_address

string

required

safe_address

string

required

Polymarket Gnosis Safe (proxy) address.

api_key

string

required

CLOB HMAC API key ID. The HMAC secret is stored server-side and never returned.

List connected exchanges Verify Polymarket credentials