# API Basics
source: https://developer.mastercard.com/mastercard-processing-debit/documentation/api-basics-section/index.md

## Overview {#overview}

The Mastercard Processing APIs follow Representational State Transfer (REST) principles. The APIs have predictable resource-oriented URLs, accept JavaScript Object Notation ([JSON](https://www.json.org/json-en.html)) request bodies, return JSON-encoded responses, and use standard Hypertext Transfer Protocol (HTTP) response codes, authentication, and verbs.

The Mastercard Processing APIs send `POST`, `GET`, `PUT`, and `PATCH` requests to endpoints (for example, `/accounts`) and HTTP response codes to indicate status and errors.

The Mastercard Processing APIs use HTTPS to ensure data privacy, but HTTPS with TLS versions below v1.2 is not supported. All `POST`, `GET`, and `PUT` requests must include the header `Content-Type` of `application/json;charset=utf-8`, and `PATCH` requests must include the header `Content-Type` of `application/merge-patch+json;charset=utf-8`. The body for all requests must be a valid JSON object.

## Correlation-ID {#correlation-id}

The Mastercard Processing platform dynamically generates a universally unique identifier (UUID) and assigns it to the request header `X-MC-Correlation-ID`. The UUID is always added to the response header to provide end-to-end traceability.

In addition to the `X-MC-Correlation-ID`, you can generate your request identifier and pass it in the `Correlation-ID` header. It is recommended to generate a UUID in compliance with [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122).