Authentication
Personal Access Tokens (PATs) for secure, scoped API access
How it works
Poll.fun uses Personal Access Tokens (PATs) for API authentication. Tokens are scoped, meaning they only grant access to the permissions you explicitly allow. All tokens are prefixed with polld_ for easy identification.
Create
Generate PAT
Attach
Authorization Header
Validate
Scope Check
Access
API Response
Tokens are passed via the Authorization header:
Authorization: Bearer polld_xxxxxScopes
Click a scope to see which endpoints it covers.
| Scope | Description | Access Level |
|---|---|---|
read | Browse bets, view portfolio, leaderboard, and notifications | Read-only access to all public and personal data |
bet:write | Create bets, place wagers, vote, settle, comment, and react | Full bet lifecycle management |
user:write | Update display name and profile settings | Modify personal profile information |
social:write | Manage friends and favourites | Add/remove friends and favourite bets |
wallet:read | View wallet balances and transaction history | Read-only wallet and balance data |
Security boundaries
The following actions are intentionally excluded from PAT access for security reasons:
- ×Wallet private key access
- ×Direct fund transfers or withdrawals
- ×Account deletion
- ×Email or password changes
- ×Admin or moderation actions
Token management
Manage tokens through the web UI at poll.fun/settings or via CLI:
# Create a token with specific scopes
poll auth token create --name "My Bot" --scopes read,bet:write
# List all active tokens
poll auth token list
# Revoke a token
poll auth token revoke <token-id>