Polymarket CLOB API credentials: the api_key, secret and passphrase
returned by GET /auth/derive-api-key and POST /auth/api-key, plus the
address of the EOA that owns them.
These authorise the L2 (HMAC) headers on every authenticated CLOB request, so
the secret and passphrase are sensitive. To avoid leaking them through logs
or crash reports, only api_key and address are shown when inspected.
address is the wallet that signed the L1 auth (the api-key owner) and is sent
as the POLY_ADDRESS L2 header. from_attrs/1 cannot know it — the
Polymarket.Clob auth functions populate it from the signing key — so it is
nil on a freshly parsed Credentials.
Summary
Functions
Builds a Credentials from the raw (JSON-decoded) attributes returned by the
CLOB auth endpoints. Keys may be camelCase (e.g. apiKey); they are
normalised to the struct's snake_case fields. Returns
{:error, :invalid_credentials} if any of the three string fields is missing.
Types
Functions
Builds a Credentials from the raw (JSON-decoded) attributes returned by the
CLOB auth endpoints. Keys may be camelCase (e.g. apiKey); they are
normalised to the struct's snake_case fields. Returns
{:error, :invalid_credentials} if any of the three string fields is missing.