# API Core Standards

This page describes the core standards that support the integration with our APIs. It covers supported data formats, HTTP methods, and security requirements for making secure and consistent API requests.

### Supported data format

All of the endpoints support JavaScript Object Notation ([JSON](https://en.wikipedia.org/wiki/JSON)) for both request and response data.

### HTTP methods

Each endpoint supports the standard [HTTP](https://en.wikipedia.org/wiki/HTTP) methods based on its purpose.

* **GET**: Retrieves data
* **POST**: Creates a new resource or submit data for processing
* **PUT**: Updates an existing resource
* **DELETE**: Removes a resource

### Security requirements

All APIs use [Transport Layer Security (TLS)](https://en.wikipedia.org/wiki/Transport_Layer_Security) to protect the payment and merchant data.

:white\_check\_mark: Requests that use TLS versions earlier than 1.2 are blocked by the firewall.

:white\_check\_mark: Ensure that your client, SDK, or browser supports TLS 1.2 or later.

### Authentication

All APIs require an `Access Key` and `API Key` for authentication.

{% hint style="info" %}
Contact [Xplor Pay](https://docs.xplorpay.com/getting-started) to get an Access Key and API Key.
{% endhint %}

An `Access Key` is required for:

* [Merchant Onboarding API](https://docs.xplorpay.com/api-reference/api/merchant-onboarding)
* [Reporting API](https://docs.xplorpay.com/api-reference/api/reporting/reporting)
* [Disputes API](https://docs.xplorpay.com/api-reference/api/disputes/disputes)

{% hint style="success" %}
You must include the required Access Key in the authentication headers of every request.
{% endhint %}

An `API Key` is required for [Payments API](https://docs.xplorpay.com/api-reference/api/payments).

{% hint style="success" %}
You must include the required API Key in the authentication headers of every request.
{% endhint %}