# API Basics
source: https://developer.mastercard.com/mastercard-processing-credit/documentation/api-basics-section/index.md

## Overview {#overview}

The Mastercard Processing Credit APIs follow Representational State Transfer (REST) principles. The APIs have predictable resource-oriented URLs, accept JavaScript Object Notation ([JSON](https://www.json.org/json-en.html)) request bodies, return JSON-encoded responses, and use standard Hypertext Transfer Protocol (HTTP) response codes, authentication, and verbs.

The Mastercard Processing Credit APIs send `POST`, `PUT`, and `GET` requests to endpoints (for example, `/tokens`) and HTTP response codes to indicate status and errors.

The Mastercard Processing APIs use HTTPS to ensure data privacy, but HTTPS with TLS versions below v1.2 is not supported. All `POST`, `PUT`, and `GET` requests must include the header `Content-Type` of `application/json;charset=utf-8`, and the body for all requests must be a valid JSON object.

## Correlation-ID {#correlation-id}

The Mastercard Processing platform dynamically generates a universally unique identifier (UUID) and assigns it to the request header `X-MC-Correlation-ID`. The UUID is always added to the response header to provide end-to-end traceability within the Mastercard network.

In addition to the `X-MC-Correlation-ID`, you can generate your request identifier and pass it in the `Correlation-ID` header for end-to-end traceability. For example, a request originated from your mobile application and then sent to multiple components before calling our API. It is recommended to generate a UUID in compliance with [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122).