
POLY_1271 Signing Chain

For deposit wallet (sigtype 3 / POLY_1271) orders to work end-to-end, four conditions must hold:

The Full Chain

POST /auth/api-key or /auth/derive-api-key → CLOB L1 auth
    POLY_ADDRESS = EOA
    POLY_SIGNATURE = standard 65-byte EOA ECDSA ClobAuth
POST /order (L2 HMAC) → CLOB HTTP gate
    POLY_ADDRESS = EOA → matches the EOA-bound L2 key ✓
    signedOrderPayload {
        maker = depositWallet
        signer = depositWallet ← must equal maker for sigtype 3
        signatureType = 3
        signature = ERC-7739 wrapped order (636 hex chars)
    }
CTFExchangeV2.isValidSignature(depositWallet, hash, wrappedSig)
    → deposit wallet validates EOA sig via ERC-1271 ✓

Step 1 — EOA-Bound CLOB API Key

The CLOB API key is EOA-bound in polygolem’s validated V2 path. Deposit-wallet identity is not carried by ClobAuth headers.

    headers, err := auth.BuildL1HeadersFromPrivateKey(
        privateKeyHex, // EOA signs ClobAuth
        chainID, timestamp, nonce,
    )
    // POLY_ADDRESS = EOA
    // POLY_SIGNATURE = standard 65-byte EOA ECDSA

The CreateOrDeriveAPIKeyForAddress and DeriveAPIKeyForAddress helpers retain their ownerAddress parameter for source compatibility, but the implementation ignores it and uses EOA-bound auth.

Step 2 — CLOB HTTP Gate

The CLOB checks POLY_ADDRESS in L2 HMAC headers against the L2 key. In polygolem’s validated V2 path, the L2 POLY_ADDRESS is the EOA. The deposit wallet appears in the order body instead.

Step 3 — Order Struct

    {
      "order": {
        "maker": "0xDepositWallet",
        "signer": "0xDepositWallet",
        "signatureType": 3,
        "signature": "0x...636 chars..."
      }
    }

The order signature is an ERC-7739 TypedDataSign wrapper: innerSig(65) || appDomainSep(32) || contents(32) || contentsType(186) || uint16BE(186) = 636 hex chars.
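
The wrapper layout above and the Step 3 field conditions, as an added Go example that is not polygolem's own code: `Wrapped`, `Wrap`, `Unwrap` and `CheckOrder` are hypothetical names, and the sample signature is constructed from zero-filled fields. The 317 bytes encode to 634 hex digits, which is 636 characters once the `0x` prefix is counted.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const fixedLen = 65 + 32 + 32 + 2 // innerSig + appDomainSep + contents + uint16 trailer
type Wrapped struct{ InnerSig, AppDomainSep, Contents, ContentsType []byte }

// Wrap (hypothetical helper) concatenates the fields in the order given above.
func Wrap(w Wrapped) string {
	out := bytes.Join([][]byte{w.InnerSig, w.AppDomainSep, w.Contents, w.ContentsType}, nil)
	n := len(w.ContentsType)
	return "0x" + hex.EncodeToString(append(out, byte(n>>8), byte(n)))
}

// Unwrap reads the trailing uint16 first, since it fixes every other offset.
func Unwrap(sigHex string) (*Wrapped, error) {
	raw, err := hex.DecodeString(strings.TrimPrefix(sigHex, "0x"))
	if err != nil {
		return nil, fmt.Errorf("not hex: %w", err)
	}
	if len(raw) < fixedLen {
		return nil, errors.New("too short for a wrapped signature")
	}
	n := int(binary.BigEndian.Uint16(raw[len(raw)-2:]))
	if len(raw) != fixedLen+n {
		return nil, fmt.Errorf("have %d bytes, trailer implies %d", len(raw), fixedLen+n)
	}
	return &Wrapped{raw[:65], raw[65:97], raw[97:129], raw[129 : 129+n]}, nil
}

// CheckOrder applies the Step 3 conditions to an order before it is submitted.
func CheckOrder(maker, signer string, sigType int, sigHex string) error {
	if sigType != 3 || !strings.EqualFold(maker, signer) {
		return errors.New("sigtype 3 needs signatureType = 3 and signer == maker")
	}
	_, err := Unwrap(sigHex)
	return err
}

func main() { // constructed sample: zero-filled fields with the sizes from the text
	sig := Wrap(Wrapped{make([]byte, 65), make([]byte, 32), make([]byte, 32), make([]byte, 186)})
	fmt.Println(len(sig), CheckOrder("0xDepositWallet", "0xDepositWallet", 3, sig))
}
```

`Unwrap` checks structure only; whether the inner EOA signature is valid is decided by the deposit wallet's `isValidSignature` in Step 4.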

Step 4 — On-Chain Validation

The CTF Exchange V2 calls depositWallet.isValidSignature(hash, wrappedSig). The wallet unwraps the ERC-7739 envelope, verifies the EOA signature, and returns 0x1626ba7e (ERC-1271 magic value).

CLOB Auth vs Order Signing

| Aspect | CLOB auth | Order (POLY_1271) |
| --- | --- | --- |
| Signature | Standard 65-byte EOA ECDSA ClobAuth | ERC-7739 wrapped order (636 chars) |
| Outer domain | ClobAuthDomain v1 | Polymarket CTF Exchange v2 |
| POLY_ADDRESS | EOA | EOA in L2 headers; deposit wallet in order maker/signer |
| Purpose | Authenticate HTTP requests | Authorize trade |
