# API Basics
source: https://developer.mastercard.com/merchant-match-tool/documentation/api-basics/index.md

## Authentication {#authentication}

The MMT API will be accessed through the Mastercard Developers API Gateway, which uses the OAuth standard for access delegation.

### In short {#in-short}

* Mastercard uses OAuth 1.0a for authenticating client applications
* Requests with a body must be signed using the Google Request Body Hash extension for OAuth
* OAuth Keys for your project can be set up in your dashboard
* Client authentication libraries can be found on GitHub, with how-to information provided in README.md files

### OAuth keys \& authentication libraries {#oauth-keys--authentication-libraries}

For further details, refer to [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis/)

## Encryption {#encryption}

All requests are made via HTTPS. The connection from the API Gateway to the end service is encrypted by mutual Secure Sockets Layer (SSL).

## Direct API Integration {#direct-api-integration}

Many organizations have their own libraries and protocols they use to connect with 3rd party APIs, and you can connect to the MMT API without using the provided SDK if you need this flexibility. Mastercard provide lightweight signing libraries that take care of the authentication for you. In combination with the Open API specification for MMT and the signer library for your chosen language you can connect to MMT without relying on the MMT SDK. Please refer to the [Connect using Swagger](https://developer.mastercard.com/merchant-match-tool/tutorial/connect-using-api/index.md) tutorial for more information, and you can download the MMT Open API specification from [here](https://developer.mastercard.com/merchant-match-tool/documentation/api-reference/index.md#apis)

## Conventions {#conventions}

The MMT API is a Representational state transfer (REST) API, which sends requests and receives responses in JavaScript Object Notation (JSON) format. To ensure the best experience integrating with this service please familiarize yourself with the following conventions:

|           Area            |                                  Description                                   |
|---------------------------|--------------------------------------------------------------------------------|
| Terminology               | A glossary that explains the terminology used throughout the MMT documentation |
| Error Responses           | Detailed descriptions of how errors are reported from the MMT service          |
| Merchant Matching Process | Important information that is helpful for understanding the payment process    |

This solution contains two API's, one for single search and one for multiple search. For single query API, each client is allowed to send up to 5 concurrent requests at a time. Any additional requests (up to 10) will be put in the queue. For multi-query API, only 1 request per client will be processed at a time. Any additional multi-query request sent at the same time by the same client while another one is being processed, will be rejected. Also, the number of queries allowed within each multi-query API request is limited to 100.