# Connectivity Requirements
source: https://developer.mastercard.com/mdes-pre-digitization/documentation/configuring-services/connectivity-reqs/index.md

The Pre-Digitization API is designed for use over HTTP on the internet, with JSON for data formatting.

It uses two layers of encryption for securing the data:

* All communication between the MDES Pre-Digitization APIs and the issuer's servers is secured using mutually authenticated TLS.
* API request/response level encryption with an ephemeral session key strengthens the security of the PCI-sensitive payload (PAN) and of Personally Identifiable Information (PII), which is sent without masking (e.g., the cardholder's billing address and geolocation data).

The Issuer Public Key Certificate used for the API request/response level encryption, as well as the Pre-Digitization API endpoints, are on-boarded by the Issuer with Mastercard Developers.
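The second layer described above, sketched as an added example (not Mastercard's code or wire format): a fresh session key encrypts each payload and is itself wrapped under the issuer's public key. The algorithms (AES-256-GCM, RSA-OAEP with SHA-256), the envelope field names and the sample payload are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample payload; field names and values are hypothetical.
const SAMPLE_PAYLOAD = { accountNumber: '5555555555554444', billingPostalCode: '12345' };

// Constructed stand-in for the issuer's key pair. In production the public key
// comes from the on-boarded Issuer Public Key Certificate.
function generateIssuerKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: encrypt one payload under a fresh (ephemeral) session key.
function encryptPayload(issuerPublicKey, payloadObject) {
  const sessionKey = crypto.randomBytes(32); // new AES-256 key for every message
  const iv = crypto.randomBytes(12);         // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const plaintext = Buffer.from(JSON.stringify(payloadObject), 'utf8');
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Only the holder of the issuer private key can recover the session key.
  const wrappedKey = crypto.publicEncrypt({ key: issuerPublicKey, ...OAEP }, sessionKey);
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Issuer side: unwrap the session key, then decrypt and authenticate.
// Throws if the ciphertext, nonce or tag was altered in transit.
function decryptPayload(issuerPrivateKey, envelope) {
  const sessionKey = crypto.privateDecrypt(
    { key: issuerPrivateKey, ...OAEP }, Buffer.from(envelope.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', sessionKey, Buffer.from(envelope.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  const plaintext = Buffer.concat([
    decipher.update(Buffer.from(envelope.ciphertext, 'base64')),
    decipher.final(),
  ]);
  return JSON.parse(plaintext.toString('utf8'));
}
```

Because the session key is generated per message, two envelopes for the same payload share no key material, and the unmasked PAN never appears in the envelope itself.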

Mastercard Developers supports a default Pre-Digitization API endpoint configuration at the CID (Customer Identifier) level. The configuration consists of a hostname (with port number, if required) and a context root for all the Pre-Digitization API endpoints of an issuer.

Upon the issuer's request, the default configuration can be overwritten by a CIS operator *at the BIN range level*. Thus, issuers can delegate the processing of Pre-Digitization APIs for consumer authentication to different web servers for an entire portfolio, for example, Debit vs. Credit.

![Multiple Processing](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/multiple-processinv2.png)

Processors/Issuers should be aware that they cannot yet:

* Set up the Pre-Digitization API endpoints at the account range level. Thus, processors that are set up on 6-digit BIN ranges cannot set up separate endpoints for Mastercard "small" issuers on 7-, 8- or 9-digit account ranges.
* Set up the Pre-Digitization API endpoints at the API level. Thus, there can be a single Service Provider to whom the issuer may outsource the entire Message Profile. Issuers cannot assign separate web servers for answering different API calls in the same Messaging Profile, for example, an Authentication Service Provider managing the Activation Methods List server for RequestActivationMethods (RAM) while a Telecom Service Provider manages the Activation Code distribution channels server for DeliverActivationCode (DAC).
