# API Basics
source: https://developer.mastercard.com/mastercard-processing-fraud/documentation/api-basics-section/index.md

## Overview {#overview}

The Mastercard Processing Fraud APIs follow Representational State Transfer (REST) principles. The APIs have predictable resource-oriented URLs, accept JavaScript Object Notation ([JSON](https://www.json.org/json-en.html)) request bodies, return JSON-encoded responses, and use standard Hypertext Transfer Protocol (HTTP) response codes, authentication, and verbs.

The Mastercard Processing Fraud APIs send `PUT` and `GET` requests to endpoints (for example, `/contracts`) and HTTP response codes to indicate status and errors.

The Mastercard Processing Fraud APIs use HTTPS to ensure data privacy, but HTTPS with TLS versions below v1.2 is not supported. All `PUT` and `GET` requests must include the header `Content-Type` of `application/json;charset=utf-8`, and the body for all requests must be a valid JSON object.

## Correlation-ID {#correlation-id}

The Mastercard Processing platform dynamically generates a universally unique identifier (UUID) and assigns it to the request header `X-MC-Correlation-ID`. The UUID is always added to the response header to provide end-to-end traceability.

In addition to the `X-MC-Correlation-ID`, you can generate your request identifier and pass it in the `Correlation-ID` header. It is recommended to generate a UUID in compliance with [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122).