PeerTupeer API Reference

v1.0 · REST API · JSON

Introduction

The PeerTupeer API allows you to programmatically submit gift card trades, check rates, manage withdrawals, and receive real-time webhook notifications. All API responses are in JSON format.

Authentication

All API requests (except public endpoints) require an API key passed in the X-API-Key header.

X-API-Key: ptp_live_your_api_key_here

Generate API keys from your Merchant Dashboard → API Keys.

Base URL

https://app.peertupeer.com/api/v1

For sandbox testing, use the same base URL but with a sandbox API key (prefixed with ptp_test_).

Rate Limits

API requests are limited to 100 requests per minute per API key. Exceeding this limit returns a 429 Too Many Requests response.

Error Handling

All errors return a JSON object with success: false and a descriptive message.

{
  "success": false,
  "message": "Invalid API key or unauthorized access."
}

GET /rates

Returns all active exchange rates. No authentication required.

GET/api/v1/rates.php

curl https://app.peertupeer.com/api/v1/rates.php

$response = file_get_contents('https://app.peertupeer.com/api/v1/rates.php');
$data = json_decode($response, true);

const res = await fetch('https://app.peertupeer.com/api/v1/rates.php');
const data = await res.json();

Trades

GET /trades — List Trades

GET/api/v1/trades.php

curl https://app.peertupeer.com/api/v1/trades.php \
  -H "X-API-Key: ptp_live_your_key"

POST /trades — Create Trade

POST/api/v1/trades.php

Parameter	Type	Required	Description
`card_type_id`	integer	Yes	Card type ID from /rates
`country`	string	Yes	Country (e.g. "USA")
`currency`	string	Yes	Currency (e.g. "USD")
`card_amount`	float	Yes	Face value of card
`quantity`	integer	No	Number of cards (default: 1)
`notes`	string	No	Additional notes
`card_number`	string	No	Card number or PIN (optional, stored securely)
`front_image`	file	Yes	Front image of card
`back_image`	file	Yes	Back image of card
`receipt_image`	file	No	Purchase receipt image (optional)

curl -X POST https://app.peertupeer.com/api/v1/trades.php \
  -H "X-API-Key: ptp_live_your_key" \
  -F "card_type_id=1" \
  -F "country=USA" \
  -F "currency=USD" \
  -F "card_amount=100" \
  -F "front_image=@/path/to/front.jpg" \
  -F "back_image=@/path/to/back.jpg" \
  -F "card_number=XXXX-XXXX-XXXX" \
  -F "receipt_image=@/path/to/receipt.jpg" \
  -F "notes=Optional notes here"

Response:

{
  "success": true,
  "message": "Trade submitted successfully.",
  "data": {
    "reference": "PTP1A2B3C4D5E",
    "status": "pending",
    "card_amount": 100,
    "currency": "USD",
    "gross_payout_ghs": 850.00,
    "fee_ghs": 21.25,
    "net_payout_ghs": 828.75
  }
}

GET /trade-status — Check Trade

GET/api/v1/trade-status.php?reference=PTP123

curl "https://app.peertupeer.com/api/v1/trade-status.php?reference=PTP1A2B3C4D5E" \
  -H "X-API-Key: ptp_live_your_key"

GET /wallet — Wallet Balance

GET/api/v1/wallet.php

curl https://app.peertupeer.com/api/v1/wallet.php \
  -H "X-API-Key: ptp_live_your_key"

Withdrawals

POST /withdrawals — Create Withdrawal

POST/api/v1/withdrawals.php

curl -X POST https://app.peertupeer.com/api/v1/withdrawals.php \
  -H "X-API-Key: ptp_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 500,
    "method": "mtn_momo",
    "account_name": "John Doe",
    "account_number": "0241234567"
  }'

Webhooks

Webhooks are HTTP POST requests sent to your endpoint when events occur. Verify the signature using the X-PeerTupeer-Signature header.

// PHP webhook verification
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_PEERTUPEER_SIGNATURE'] ?? '';
$expected = hash_hmac('sha256', $payload, YOUR_WEBHOOK_SECRET);
if (!hash_equals($expected, $signature)) {
    http_response_code(401);
    exit('Invalid signature');
}
$event = json_decode($payload, true);

Rate Update Callbacks

Subscribe to receive a webhook notification whenever a rate is updated on the platform. This lets your integration stay in sync with current rates without polling.

The rate.updated event is sent to all subscribed URLs whenever an admin changes a rate.

GET /rate-updates — List Subscriptions

GET/api/v1/rate-updates.php

curl https://app.peertupeer.com/api/v1/rate-updates.php \
  -H "X-API-Key: ptp_live_your_key"

POST /rate-updates — Subscribe

POST/api/v1/rate-updates.php

Parameter	Type	Required	Description
`url`	string	Yes	Your callback URL to receive rate updates

curl -X POST https://app.peertupeer.com/api/v1/rate-updates.php \
  -H "X-API-Key: ptp_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://yoursite.com/webhooks/rates"}'

Response:

{
  "success": true,
  "message": "Rate update subscription created.",
  "data": {
    "webhook_id": 5,
    "url": "https://yoursite.com/webhooks/rates",
    "event": "rate.updated",
    "secret": "your_webhook_secret"
  }
}

DELETE /rate-updates — Unsubscribe

DELETE/api/v1/rate-updates.php?id=5

curl -X DELETE "https://app.peertupeer.com/api/v1/rate-updates.php?id=5" \
  -H "X-API-Key: ptp_live_your_key"

rate.updated Webhook Payload

When a rate changes, your callback URL receives a POST request with this payload:

{
  "event": "rate.updated",
  "timestamp": "2026-05-25T10:30:00Z",
  "data": {
    "card_type_id": 1,
    "card_name": "Amazon",
    "country": "USA",
    "currency": "USD",
    "rate_per_unit": 8.75,
    "platform_fee_pct": 2.5,
    "updated_at": "2026-05-25 10:30:00"
  }
}

Verify the signature using the X-PeerTupeer-Signature header (same as other webhooks).

Sandbox Testing

Use sandbox API keys (prefixed with ptp_test_) to test without real transactions.

GET/api/v1/sandbox.php?action=test-cards

curl "https://app.peertupeer.com/api/v1/sandbox.php?action=test-cards"