Polymarket CLOB L2 (HMAC) authentication.
Once a wallet holds API credentials (Polymarket.Schemas.Credentials, obtained
via the L1 flow in Polymarket.Clob.ClobAuth), every authenticated request is
signed with an HMAC-SHA256 over "{timestamp}{METHOD}{path}{body}", keyed by the
base64url-decoded secret. The resulting headers prove the request came from the
credential holder.
Headers produced: POLY_ADDRESS (EIP-55 checksummed), POLY_API_KEY,
POLY_PASSPHRASE, POLY_SIGNATURE, POLY_TIMESTAMP.
Summary
Functions
Builds the five L2 headers authenticating a method request to path carrying
body at timestamp (Unix seconds), for the wallet address and credentials.
Computes the base64url HMAC-SHA256 signature for the L2 message.
Functions
@spec headers( <<_::160>>, Polymarket.Schemas.Credentials.t(), String.t(), String.t(), binary(), integer() ) :: [{String.t(), String.t()}]
Builds the five L2 headers authenticating a method request to path carrying
body at timestamp (Unix seconds), for the wallet address and credentials.
body must be the exact bytes sent on the wire — the HMAC covers it verbatim
(single quotes are normalised to double quotes, mirroring the reference client).
Computes the base64url HMAC-SHA256 signature for the L2 message.
message is "{timestamp}{method}{path}{body}". secret is the base64url API
secret, decoded to form the HMAC key exactly as the server does.