Skip to content

Fix: regenerate HMAC headers for each pagination request#210

Closed
taetaehoho wants to merge 1 commit intoPolymarket:mainfrom
taetaehoho:fix/pagination-hmac-signature-expiry
Closed

Fix: regenerate HMAC headers for each pagination request#210
taetaehoho wants to merge 1 commit intoPolymarket:mainfrom
taetaehoho:fix/pagination-hmac-signature-expiry

Conversation

@taetaehoho
Copy link
Copy Markdown

@taetaehoho taetaehoho commented Dec 18, 2025
edited by cursor Bot
Loading

Overview

Fix HMAC signature expiry during pagination in get_trades(), get_orders(), and get_builder_trades() methods.

Description

The paginated methods generate HMAC authentication headers once before the pagination loop, then reuse them for all subsequent requests. Since HMAC signatures include a timestamp and have a server-side validity window (~60 seconds), this causes 401 Unauthorized errors when:

  • Users have many trades/orders requiring multiple pagination requests
  • The total fetch time exceeds the HMAC signature validity period

Example: A user with 70,000+ trades needs ~230 pagination requests. Using the same headers for all requests eventually causes the signature to expire mid-pagination.

Fix: Move create_level_2_headers() call inside the while loop so each pagination request gets fresh headers with a current timestamp.

Testing

  • Tested with account having 69,000+ trades - successfully fetches all trades without 401 errors
  • Existing test suite passes (102 tests)
  • Linter (black) passes

Is this a breaking change?

  • Yes
  • No

Type

  • Bug (correction to existing behavior)
  • Feature (brand new functionality)
  • Maintenance (documentation, tests, dependencies, etc)

Note

Regenerates Level 2/builder auth headers inside pagination loops for get_orders, get_trades, and get_builder_trades to prevent signature expiry.

  • Client (pagination auth):
    • get_orders, get_trades: move create_level_2_headers inside the while loop to refresh HMAC per page.
    • get_builder_trades: regenerate builder headers each iteration via _get_builder_headers.
    • Adds brief comments explaining header regeneration to avoid signature expiry.

Written by Cursor Bugbot for commit 4b26a8f. This will update automatically on new commits. Configure here.

@taetaehoho
Fix: regenerate HMAC headers for each pagination request
4b26a8f 
The get_trades, get_orders, and get_builder_trades methods generate
HMAC authentication headers once before the pagination loop, then
reuse them for all subsequent requests. Since HMAC signatures include
a timestamp and have a validity window on the server, this causes
401 Unauthorized errors when pagination takes longer than the
signature validity period.

This is particularly problematic for users with many trades/orders
who require multiple pagination requests to fetch all data.

The fix moves header generation inside the pagination loop so each
request gets fresh headers with a current timestamp.

Affected methods:
- get_trades()
- get_orders()
- get_builder_trades()
@taetaehoho taetaehoho requested a review from a team as a code owner December 18, 2025 08:41
@taetaehoho taetaehoho closed this by deleting the head repository Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@taetaehoho