Skip to main content

Non-Custodial by Design

Capital and positions remain in the user’s own Polymarket account at all times. Flowlayer reads market data, computes scores, and—only when the user opts in—places or cancels orders. It can never move funds out of the account.
At no tier can Flowlayer withdraw funds, transfer assets, or take ownership of positions.

Access by Mode

Insights

Read-only. Public market data and, optionally, read access to positions for analytics. No write access and no order placement.

Delegated Execution

Scoped write access to place and cancel orders only, granted through a credential the user controls and can revoke at any time. It powers automated entry and auto-exit, has no withdrawal capability, and every exit honors the user’s slippage limit.

Client-Side

Session-bound. Logic runs in the user’s own browser with their approval. Nothing executes outside an active session.

Credential Handling

For users who enable delegated execution:
1

Scoped credentials only

Flowlayer requests the narrowest credential that allows placing and cancelling orders—never one that permits withdrawal—within what Polymarket’s API allows.
2

Revocable at any time

Access can be revoked instantly from the account, which stops all automation immediately.
3

Transparent action log

Every automated action is logged and visible to the user for full auditability.
Delegated execution is a meaningful grant of trust. It allows Flowlayer to trade a position, though never to withdraw funds. A poor exit or a missed action during an outage carries real consequences, which is why delegated execution is opt-in, clearly disclosed, and never the default.

A Note on API Terms

Whether delegated execution is possible, and how far it can go, depends on what Polymarket’s API permits a third party to do with an account. Flowlayer will ship delegated features only within those terms. Until that scope is confirmed, the advisory and alert experience—which requires no write access—is the foundation everything else builds on.
Open question to resolve before Tranche 2: confirm precisely what Polymarket’s API permits a third party to do on a user’s behalf. That answer determines whether server-side automation, client-side automation, or both are viable.