Skip to main content
This guide walks you from “I just got credentials” to “I just received a successful transaction response.”

1. Get your credentials

After signing up at pontisglobe.com and completing KYC, open Developer Tools to find:
FieldWhat it’s for
API KeyIdentifies your account. Sent as the x-api-key header.
Encryption SecretAES-256-GCM key used to encrypt the request body.
HMAC SecretHMAC-SHA256 key used to sign each request and to verify our callbacks.
Treat all three secrets like passwords. They give full access to your account. If a value leaks, use Regenerate All Credentials immediately.

2. Set up the request helper

Each call does three things: encrypt the body with AES-256-GCM, sign timestamp + "." + encrypted_body with HMAC-SHA256, then POST. Pick your language — the snippet below is a self-contained helper you can drop in and call from anywhere in your code. 
import { createCipheriv, createHmac, randomBytes } from 'node:crypto'

const BASE_URL = 'https://api.pontisglobe.com'
const API_KEY = 'YOUR_API_KEY'
const ENC_SECRET = 'YOUR_ENCRYPTION_SECRET'   // base64url
const HMAC_SECRET = 'YOUR_HMAC_SECRET'         // base64url

function encrypt(plain) {
  const key = Buffer.from(ENC_SECRET, 'base64url')
  const iv = randomBytes(12)
  const c = createCipheriv('aes-256-gcm', key, iv)
  const ct = Buffer.concat([c.update(JSON.stringify(plain), 'utf8'), c.final()])
  return [iv, c.getAuthTag(), ct].map((b) => b.toString('base64url')).join(':')
}

export async function call(path, body, jwt = null) {
  const ts = String(Math.floor(Date.now() / 1000))
  const enc = encrypt(body)
  const sig = createHmac('sha256', Buffer.from(HMAC_SECRET, 'base64url'))
    .update(`${ts}.${enc}`)
    .digest('hex')
  const headers = {
    'content-type': 'application/json',
    'x-api-key': API_KEY,
    'x-timestamp': ts,
    'x-signature': sig,
  }
  if (jwt) headers['authorization'] = `Bearer ${jwt}`
  const res = await fetch(`${BASE_URL}${path}`, {
    method: 'POST',
    headers,
    body: JSON.stringify({ data: enc }),
  })
  return { status: res.status, body: await res.json() }
}

3. Log in

const login = await call('/api/v1/user/login', {
  email: 'you@example.com',
  password: 'YOUR_PASSWORD',
})
const jwt = login.body.data.access_token
Response: 
{
  "ok": true,
  "data": {
    "access_token": "eyJhbGciOi...",
    "token_type": "Bearer",
    "expires_in": 900
  }
}

4. Send a transaction

import { randomUUID } from 'node:crypto'

const created = await call('/api/v1/payouts/sendPayoutRequest', {
  idempotency_key: randomUUID(),
  country_code: 'PH',
  currency_code: 'PHP',
  payment_method: 'bank_local',
  source_amount: '10.00',
  source_currency: 'USDT',
  recipient_details: { name: 'Juan dela Cruz', account_number: '1234567890' },
}, jwt)
Response: 
{
  "ok": true,
  "data": {
    "transaction_id": "029b2038-6166-4bea-80a9-f1a2425a85eb",
    "status": "pending"
  }
}

5. Get the status

const txnId = created.body.data.transaction_id
const status = await call('/api/v1/payouts/getPayoutStatus', { transaction_id: txnId }, jwt)
Response: 
{
  "ok": true,
  "data": {
    "transaction_id": "029b2038-6166-4bea-80a9-f1a2425a85eb",
    "status": "completed",
    "status_message": null
  }
}

What to do next