mastercard.com
Mastercard exposes multiple authenticated HTTP APIs plus a public npm SDK for hosting its Developers MCP server locally; API access uses Mastercard-issued credentials via OAuth 1.0a request signing by default, with some products also supporting OAuth 2.0/FAPI or mTLS client certificates.
- BINTableResource APIdiscovered
- BillPay APIdiscovered
- CurrencyConversionCalculator APIdiscovered
- Locations APIdiscovered
- MAWS APIdiscovered
- MerchantIdentifier APIdiscovered
Sign in to Mastercard Developers, open your project, then go to Sandbox credentials or Production credentials and add a project key as described in OAuth Keys. For OAuth 1.0a, Mastercard gives you a consumer key and you sign each request with your private key. For OAuth 2.0, Mastercard gives you a client ID and kid for a public key you register; you use your private key to sign a private_key_jwt and obtain bearer tokens. The easiest path is to generate a new private key in the browser from the project credentials screen, then download and store it securely.
conventions · 0/8 published
- integrations.json✗
/.well-known/integrations.json - llms.txt✗
/llms.txt - API catalog✗
/.well-known/api-catalog - OpenAPI document✗
/api/schema/, /openapi.json, /swagger.json, /api/openapi.json, or /v1/openapi.json - MCP server card✗
/.well-known/mcp/server-card.json - OAuth protected resource✗
/.well-known/oauth-protected-resource - Agent card✗
/.well-known/agent-card.json - Agent skills✗
/.well-known/agent-skills/index.json
Publish these signals → /publishing