API Guide
Everything you need to integrate with DCMS — architecture, authentication, response format, webhooks, and best practices.
Complete integration guide for DCMS APIs — from authentication to production deployment.
Design Principles
| Principle | Detail |
|---|---|
| REST | All APIs are RESTful — standard HTTP methods, JSON payloads |
| Tenant-Isolated | Every request scoped to a tenant via the TENANT header |
| Stateless | No server-side sessions; every request carries full context |
| Consistent | Unified response envelope across all APIs |
| Idempotent | Key operations support idempotency |
API Gateway
All API requests route through a centralized gateway:
- Authentication — Validates JWT before forwarding
- Encryption — Request/response body encryption for sensitive payloads
- Rate Limiting — Protects services from excessive traffic
- Logging — Request/response audit trail
Base URL
https://{environment}.m2p.com/dcms/{service-path}| Environment | URL |
|---|---|
| Sandbox / UAT | https://uat.m2p.com/dcms/... |
| Production | https://api.m2p.com/dcms/... |
Exact URLs are provisioned during onboarding. All environments use HTTPS only (TLS 1.2+).
Authentication
Tenant headers, JWT tokens, request encryption, and RBAC roles.
Response Format
Standard response envelope, error format, pagination, and HTTP status codes.
API Catalogue
Complete overview of all API categories across the platform.
Event Subscriptions
Event-driven notifications for transactions, card status, and fraud alerts.
Best Practices
Error handling, idempotency, rate limiting, timeouts, and security guidelines.
Testing & Migration
UAT environment, testing workflow, sandbox, and CMS migration guide.