Non-Custodial by Design
Capital and positions remain in the user’s own Polymarket account at all times. Flowlayer reads market data, computes scores, and—only when the user opts in—places or cancels orders. It can never move funds out of the account.At no tier can Flowlayer withdraw funds, transfer assets, or take ownership of positions.
Access by Mode
Insights
Read-only. Public market data and, optionally, read access to positions for analytics. No write access and no order placement.
Delegated Execution
Scoped write access to place and cancel orders only, granted through a credential the user controls and can revoke at any time. It powers automated entry and auto-exit, has no withdrawal capability, and every exit honors the user’s slippage limit.
Client-Side
Session-bound. Logic runs in the user’s own browser with their approval. Nothing executes outside an active session.
Credential Handling
For users who enable delegated execution:Scoped credentials only
Flowlayer requests the narrowest credential that allows placing and cancelling orders—never one that permits withdrawal—within what Polymarket’s API allows.
Revocable at any time
Access can be revoked instantly from the account, which stops all automation immediately.
A Note on API Terms
Whether delegated execution is possible, and how far it can go, depends on what Polymarket’s API permits a third party to do with an account. Flowlayer will ship delegated features only within those terms. Until that scope is confirmed, the advisory and alert experience—which requires no write access—is the foundation everything else builds on.Open question to resolve before Tranche 2: confirm precisely what Polymarket’s API permits a third party to do on a user’s behalf. That answer determines whether server-side automation, client-side automation, or both are viable.