Authentication
All API requests are authenticated using an API Key provided in the X-Api-Key HTTP header.
API Key Authentication
Include your API key in every request:
curl -H "X-Api-Key: your-api-key" https://polymarket.sandbox.playbatman.com/api/v1/markets
The API key is tied to your operator account. All resources created with this key are scoped to your operator.
Authenticated Routes
| Prefix | Operations |
|---|---|
/api/v1/markets | Create, update, open, close, resolve, settle markets |
/api/v1/categories | Create and list categories |
/api/v1/orders | Place, cancel, list orders |
/api/v1/positions | Query positions |
/api/v1/trades | Query trades |
/api/v1/settlements | Query settlements |
/api/v1/stats | Operator statistics |
/ws | WebSocket connection (via header or ?apiKey= query param) |
caution
Keep your API key secure. If compromised, contact a platform administrator to regenerate it. Regenerating immediately invalidates the previous key.
Public Routes
These routes require no authentication:
| Method | Path | Description |
|---|---|---|
GET | /health | Health check |
GET | /ready | Readiness check |
GET | /api/v1/categories/{id} | Get category by ID |
GET | /api/v1/markets/{id}/orderbook/{outcomeId} | Order book |
GET | /api/v1/markets/{id}/prices | Market prices |
GET | /api/v1/markets/{id}/prices/{outcomeId} | Outcome price |
Error Responses
If the API key is missing or invalid, you receive a 401 Unauthorized response:
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Missing or invalid API key"
}
}
If the operator account has been deactivated, requests are also rejected with 401.