Skip to main content
The Polymarket Trading Gateway provides a REST API for commands like order placement, cancellation, and authentication. This HTTP-based API is designed for trading actions and administrative tasks.
Streaming is required for real-time data: The REST API is for commands only. For market data, order updates, and position information, you must use the gRPC streaming API and maintain your own local database. REST lookup endpoints are provided as backup only and should not be polled regularly.
Best Practice: Use gRPC streaming to build and maintain a local database:
  1. gRPC Streaming (Primary):
    • Subscribe to market data for continuous order book updates
    • Subscribe to order stream for execution reports and fills
    • Subscribe to position stream for real-time position updates
    • Maintain local database with all updates
  2. REST API (Commands Only):
    • Authentication (registration, login, token refresh)
    • Place orders (INSERT, CANCEL)
    • Administrative actions
  3. REST Lookups (Backup Only):
    • Use only for recovery scenarios (e.g., reconnection after downtime)
    • Do not poll these endpoints regularly
    • Maintain your own history from streaming data
Learn more about gRPC Streaming →

Available Endpoints

Authentication

Registration, login, and token management:
  • One-time registration with JWT from account manager
  • Login with username and password
  • Token refresh and rotation
  • Optional MFA enrollment
Base Path: /auth/v1beta1 View Authentication Endpoints →

Trading

Place and cancel orders:
  • Insert new orders (market, limit, stop)
  • Cancel orders (single or bulk)
Base Path: /api/v1beta1 View Trading Endpoints →

Backup Lookups

Use only for recovery scenarios, not regular polling:
  • Account balances
  • Open orders
  • Current positions
  • Reference data
Do not poll these endpoints: Maintain your own local database from streaming data. These endpoints are for backup/recovery only.

Server Endpoints

API endpoints are accessed via AWS PrivateLink VPC connections. We recommend setting up CNAME aliases via Route53 Private Hosted Zone. This eliminates the need for Host headers and simplifies client configuration.
EnvironmentEndpoint
Preprodhttps://rest.preprod.polymarketexchange.com
Prodhttps://rest.prod.polymarketexchange.com
curl -X POST "https://rest.preprod.polymarketexchange.com/api/v1beta1/get_who_am_i" \
  -H "Authorization: YOUR_ACCESS_TOKEN"
See VPC Connection for CNAME setup instructions.

Alternative: Host Header

If you don’t use CNAME aliases, send requests to the PrivateLink URL with a Host header:
EnvironmentPrivateLink URLHost Header
Preprodhttps://traderapi.us-east-1.privatelink.preprod.polymarketexchange.comrest.preprod.polymarketexchange.com
Prodhttps://traderapi.us-east-1.privatelink.prod.polymarketexchange.comrest.prod.polymarketexchange.com
curl -X POST "https://traderapi.us-east-1.privatelink.preprod.polymarketexchange.com/api/v1beta1/get_who_am_i" \
  -H "Host: rest.preprod.polymarketexchange.com" \
  -H "Authorization: YOUR_ACCESS_TOKEN"
All endpoints require VPC connectivity. See VPC Connection for setup instructions.

Authentication

All API requests require authentication using access tokens. The authentication flow involves a one-time registration step followed by login.

One-Time Registration

  1. Request Registration JWT: Contact your account manager to receive a registration JWT
  2. Register: Call /auth/v1beta1/register with the JWT and a password you choose
curl -X POST "https://traderapi.us-east-1.privatelink.preprod.polymarketexchange.com/auth/v1beta1/register" \
  -H "Host: rest.preprod.polymarketexchange.com" \
  -H "Content-Type: application/json" \
  -d '{
    "token": "JWT_FROM_ACCOUNT_MANAGER",
    "password": "YOUR_CHOSEN_PASSWORD"
  }'
Registration is a one-time operation. After registering, use the login endpoint for all future authentication.

Login

After registration, authenticate using your username and password: 
curl -X POST "https://traderapi.us-east-1.privatelink.preprod.polymarketexchange.com/auth/v1beta1/login" \
  -H "Host: rest.preprod.polymarketexchange.com" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "YOUR_USERNAME",
    "password": "YOUR_PASSWORD"
  }'
Response: 
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "accessExpirationTime": "2025-01-15T11:00:00Z",
  "refreshExpirationTime": "2025-01-22T10:00:00Z"
}

Using the Access Token

Include the access token in the Authorization header for all API requests: 
curl -X POST "https://traderapi.us-east-1.privatelink.preprod.polymarketexchange.com/api/v1beta1/insert_order" \
  -H "Host: rest.preprod.polymarketexchange.com" \
  -H "Authorization: YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Refreshing Tokens

When your access token expires, use the refresh token to obtain a new one: 
curl -X POST "https://traderapi.us-east-1.privatelink.preprod.polymarketexchange.com/auth/v1beta1/refresh_access_token" \
  -H "Host: rest.preprod.polymarketexchange.com" \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "YOUR_REFRESH_TOKEN"
  }'
Learn more about Authentication →

Request Format

All POST requests use JSON payloads: 
{
  "symbol": "aec-nfl-buf-nyj-2025-01-15",
  "side": "SIDE_BUY",
  "order_qty": "10",
  "price": "0.55",
  "type": "ORDER_TYPE_LIMIT",
  "time_in_force": "TIME_IN_FORCE_GOOD_TILL_CANCEL",
  "clord_id": "client-order-123",
  "account": "your-account-id"
}

Response Format

Successful responses return JSON with HTTP status code 200: 
HTTP/1.1 200 OK
Content-Type: application/json

{
  "order_id": "1ABC2DEF3GHI4",
  "clord_id": "client-order-123",
  "status": "ACCEPTED"
}
Error responses include error details with appropriate HTTP status codes: 
HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "code": 3,
  "message": "INVALID_ARGUMENT",
  "details": "Unknown symbol"
}

Quick Start

Ready to get started? Follow our Getting Started Guide to:
  1. Request Trading Gateway access
  2. Receive your registration JWT
  3. Register and set your password
  4. Set up gRPC streaming connections
  5. Authenticate and place your first order

Next Steps

Getting Access

Request Trading Gateway credentials

gRPC Streaming

Set up streaming for real-time data

Place Orders

Start trading via REST API

Reference Data

Learn about instruments and symbols