# API Basics
source: https://developer.mastercard.com/merchant-self-services/documentation/api-basics/index.md

## API Security {#api-security}

### Client authentication {#client-authentication}

The Merchant Self Services API is a RESTful API with OAuth security. For all environments, your API requests must have an OAuth 1.0a Authorization Header for authentication.

Generate the OAuth 1.0a Authorization Header using the appropriate Signing Key and Consumer Key. You can implement your own OAuth 1.0a header or use the relevant Mastercard OAuth libraries (available on [GitHub](https://github.com/Mastercard?utf8=%E2%9C%93&q=oauth)). For guidance, see the *README.md* file included with the libraries.

For detailed information on using OAuth 1.0a with the Merchant Self Services API and generating Authorization Headers, see [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis).

### Transport encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data are encrypted by default when transmitted across networks.

## How to Consume the Merchant Self Services API {#how-to-consume-the-merchant-self-services-api}

Here are a couple different ways you can integrate with the Merchant Self Services API:

* Use a generated API client (recommended)
* Use a method of your choice

### Generate your own API client {#generate-your-own-api-client}

Create customizable API clients from the Merchant Self Services API specification and let Mastercard open-source client libraries handle the authentication for you. We recommend this approach since it offers the most flexibility.

To do this, follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial using the Merchant Self Services API specification:

* [merchant-self-serve-api-spec.yml](https://static.developer.mastercard.com/content/merchant-self-services/swagger/merchant-self-serve-api-spec.yml) (137KB)

<br />

To view and interact with the Merchant Self Services API specification in a swagger viewer, see the [API Reference](https://developer.mastercard.com/merchant-self-services/documentation/api-reference/index.md#apis).

### Use a method of your choice {#use-a-method-of-your-choice}

Merchant Self Services API exposes a REST API. You can use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) for signing your requests.

To do this, see the Merchant Self Services API [REST API Reference](https://developer.mastercard.com/merchant-self-services/documentation/api-reference/index.md).

## Environments {#environments}

This table describes the environments that are available for the Merchant Self Services API:

| Environment |                                                                                                                                                                                                                                                                                        Description                                                                                                                                                                                                                                                                                        |
|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox     | Early access environment containing limited-capability mock APIs, intended to help integrate new clients. The Sandbox contains sample static data and returns mock responses for a defined request. The JSON sample can be used as a reference for sending requests and receiving responses. You can also see our article on [Testing](https://developer.mastercard.com/merchant-self-services/documentation/testing/index.md) for examples of different types of test cases that you can use in your Sandbox. **URL:** <https://sandbox.api.ethocaweb.com/ethoca/merchant-self-services> |
| Production  | Full production environment containing the latest production API release. This environment contains actual merchant data. **URL:** <https://api.ethocaweb.com/ethoca/merchant-self-services>                                                                                                                                                                                                                                                                                                                                                                                              |

## Matching Logic Recommendations {#matching-logic-recommendations}

Ethoca employs various types of matching logic when it comes to matching a merchant to the provided `cardAcceptorName`. The default logic used for matching is a `<STARTS-WITH>` and applies when no matching prefix is provided. This means that if an issuer provides a descriptor that starts with the `cardAcceptorName` you provided, we consider this a match. We recommend this logic for the majority of `cardAcceptorName` entries.

When applicable, we also use an `<EXACT>` matching logic. If the descriptors you utilize have no variation or possibility of colliding with another merchant's descriptor, you might want to use this logic. For example, if your entry is `<EXACT>Ethoca Videos`, only descriptors that match this exactly are returned. A descriptor of "*Ethoca \* Videos*" isn't considered a match.

Another match type is `<STRICT-CONTAINS>`. This is a more restrictive form of `<CONTAINS>` where the match depends on a prefix, suffix, and delimiter surrounding the `cardAcceptorName`. This matching type can only be set by Ethoca if it's determined that `<STARTS-WITH>` and `<EXACT>` are undermatching.

The last match type is `<CONTAINS>`. If your `cardAcceptorName` entry is contained in any part of the descriptor, it's considered a match. This should only be used in situations where a `cardAcceptorName` is unique and would not be mistaken for another merchant's `cardAcceptorName`. This matching type can only be set by Ethoca if it's determined that `<STARTS-WITH>`, `<EXACT>`, and `<STRICT-CONTAINS>` are undermatching.

All of the matching logic provided is case insensitive. If you have additional questions about the matching logic or which logic you should use, contact the [Ethoca Customer Delivery Team](mailto:customerdelivery@ethoca.com).

## Next Steps {#next-steps}

* Use our [Tutorials](https://developer.mastercard.com/merchant-self-services/documentation/tutorials-and-guides/index.md) to quickly connect and start making calls to the Merchant Self Services API in a sandbox environment.
* If you already created a project and have your keys, you can go through the [Reference Application Tutorial](https://developer.mastercard.com/merchant-self-services/documentation/tutorials-and-guides/reference-app-tutorial/index.md) for step-by-step guidance in making API calls to the Merchant Self Services API service.