Access the endpoints

Accessing MatchMove APIs

MatchMove APIs are only accessible to authenticated entities, in an agreed-upon manner, and from a specified source.

To access the APIs successfully, you must have the following items available and aligned with you as an API consumer.

Consumer Key and Secret

To begin using MatchMove APIs, you must first obtain access to the consumer key and credentials. The consumer key and secret are unique to each program and environment.

If you have multiple programs, each program will have a different consumer key and consumer secret, which you must use to access that particular product.

Static IP Whitelisting

To ensure secure access, the MatchMove API only responds if the IP address of the middleware server sending the request is whitelisted. This does not refer to the IP address of the device in use.

As an API consumer, you are expected to collaborate with your cloud or data center provider to ensure that requests to the MatchMove API server are only from whitelisted IP addresses.

Scope of Access

The default access granted to you has a default scope. APIs are accessed using the default scope function, just as they should be when accessed by an end user.

Example: If a user account is blocked, the user should be unable to access the account information. Similarly, if a user is flagged for risk evaluation, they should be unable to access their account until it has been evaluated and exempted.

The MatchMove platform also allows you to access resources via Admin scope, which means that even if the resources are not technically intended to be visible to end users, you, as an API consumer, can access them.

Encryption Data Key

For specific APIs, an additional Encryption Data key is provided to secure the transmission of API information, which you must use as a consumer to decrypt sensitive messages transmitted on specific payloads.