POST /api/v1/user/login - PontisGlobe API

POST /api/v1/user/login

Headers

Header	Required	Notes
`x-api-key`	yes	Your API key
`x-timestamp`	yes	Unix seconds, current ±5 min
`x-signature`	yes	HMAC-SHA256(`${timestamp}.${encrypted_body}`, HMAC secret)
`content-type`	yes	`application/json`

Request body

{ "data": "<aes-256-gcm encrypted blob of the payload below>" }

Decrypted payload:

Field	Type	Required	Notes
`email`	string	yes	The owner email on the consumer account
`password`	string	yes	The owner’s password

Example request

The snippets below assume you’ve already encrypted the body and computed the signature — see the Quickstart for the full helper in Node and Python.

const login = await call('/api/v1/user/login', {
  email: 'you@example.com',
  password: 'YOUR_PASSWORD',
})

Responses

200 — Success

{
  "ok": true,
  "data": {
    "access_token": "eyJhbGciOi...",
    "token_type": "Bearer",
    "expires_in": 900
  }
}

Pass access_token as Authorization: Bearer <token> on subsequent requests.

401 — unauthorized

Wrong email/password, or account suspended.

{
  "ok": false,
  "request_id": "01J9F5Z4X7Y3K2B1Q0M8N7V6T5",
  "error": {
    "code": "unauthorized",
    "message": "Invalid credentials. Make sure the email, password, and API key all belong to the same user account."
  }
}

429 — rate_limited

Too many login attempts (scoped per consumer + mode).

{
  "ok": false,
  "request_id": "01J9F5Z4X7Y3K2B1Q0M8N7V6T5",
  "error": { "code": "rate_limited", "message": "Too many login attempts. Try again later." }
}

500 — internal_error

Account misconfiguration — contact support with request_id. See Errors for the full envelope shape and full code list.

​Headers

​Request body

​Example request

​Responses

​200 — Success

​401 — unauthorized

​429 — rate_limited

​500 — internal_error

Headers

Request body

Example request

Responses

200 — Success

401 — unauthorized

429 — rate_limited

500 — internal_error