# API Basics
source: https://developer.mastercard.com/benefit-allocation-service-mtls/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses Mutual TLS Authentication (MTLS) to authenticate and authorize client applications. To access the Benefit Allocation Service API, you must authenticate your client applications. This means that you have to digitally sign every request sent to Mastercard, and only requests with valid signatures created by authorized clients can gain access to the Mastercard Benefit Allocation Service.

You can manage your authentication keys from your [dashboard](https://developer.mastercard.com/dashboard) after you have created a project using Benefit Allocation Service MTLS.

Tip: To learn more about the authentication scheme Mastercard uses, read our [Using MTLS to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-mtls-to-access-mastercard-apis/) guide.

### Transport Encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data are encrypted by default when transmitted across networks.

In addition, Benefit Allocation Service uses JWE to provide end-to-end payload encryption to secure sensitive data like Personally Identifying Information (PII).
You can manage your encryption keys from your [dashboard](https://developer.mastercard.com/dashboard).

Tip: To learn more about the authentication and encryption schemes Mastercard uses, read our [Using MTLS to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-mtls-to-access-mastercard-apis/) and [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guides.

Mastercard provides open-source client libraries for [authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/#step-4-add-the-client-authentication-library-to-the-project) and [encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/#step-5-add-the-client-encryption-library-to-the-project). Internally, payload encryption uses the following algorithms:

- Key Encryption Algorithm: RSA_OAEP_256
- Content Encryption Algorithm: A256GCM
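How these two algorithms combine in a JWE compact serialization, sketched with Node.js built-in `crypto`. This is an added example, not Mastercard's client library code; the function names, key pair and payload field are constructed for illustration, and the header uses the RFC 7518 identifiers `RSA-OAEP-256` and `A256GCM`.

```javascript
// Added example (not Mastercard library code): JWE compact serialization with
// RSA-OAEP-256 key wrapping and A256GCM content encryption (RFC 7516).
const crypto = require('crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function jweEncrypt(payload, recipientPublicKey) {
  const header = b64u(JSON.stringify({ alg: 'RSA-OAEP-256', enc: 'A256GCM' }));
  const cek = crypto.randomBytes(32);   // fresh 256-bit content key per message
  const iv = crypto.randomBytes(12);    // 96-bit GCM nonce, never reused with a CEK
  const wrapped = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, cek);
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  cipher.setAAD(Buffer.from(header, 'ascii'));  // header is authenticated, not encrypted
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return [header, b64u(wrapped), b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

function jweDecrypt(token, recipientPrivateKey) {
  const parts = token.split('.');
  if (parts.length !== 5) throw new Error('not a JWE compact serialization');
  const [header, wrapped, iv, ct, tag] = parts;
  const { alg, enc } = JSON.parse(fromB64u(header).toString('utf8'));
  // Pin the algorithms: never let the sender's header choose a weaker scheme.
  if (alg !== 'RSA-OAEP-256' || enc !== 'A256GCM') throw new Error('unexpected alg/enc');
  const cek = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, fromB64u(wrapped));
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, fromB64u(iv));
  decipher.setAAD(Buffer.from(header, 'ascii'));
  decipher.setAuthTag(fromB64u(tag));
  const pt = Buffer.concat([decipher.update(fromB64u(ct)), decipher.final()]); // throws on tamper
  return JSON.parse(pt.toString('utf8'));
}

// Constructed demo: throwaway key pair and made-up payload.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const token = jweEncrypt({ accountNumber: '0000-TEST' }, publicKey);
  const roundTrip = jweDecrypt(token, privateKey);
  // Flip one ciphertext character: GCM authentication must reject it.
  const p = token.split('.');
  p[3] = (p[3][0] === 'A' ? 'B' : 'A') + p[3].slice(1);
  let tamperRejected = false;
  try { jweDecrypt(p.join('.'), privateKey); } catch { tamperRejected = true; }
  return { segments: token.split('.').length, roundTrip, tamperRejected };
}
console.log(demo());
```

In a real integration the encryption key comes from your project dashboard rather than being generated locally, and the Mastercard client encryption library performs these steps for you.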

## How to Consume the Benefit Allocation Service API? {#how-to-consume-the-benefit-allocation-service-api}

### Generating your own Benefit Allocation Service API client {#generating-your-own-benefit-allocation-service-api-client}

Create customizable API clients from the Benefit Allocation Service API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers the most flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the following API specification:
[spec-benefit-allocations.yaml](https://static.developer.mastercard.com/content/benefit-allocation-service-mtls/swagger/spec-benefit-allocations.yaml) (15KB)

### Using a method of your choice {#using-a-method-of-your-choice}

Benefit Allocation Service exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-mtls-to-access-mastercard-apis/#client-certificates-and-environments) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and dealing with payload encryption.

For that, please refer to the Benefit Allocation Service [REST API Reference](https://developer.mastercard.com/benefit-allocation-service-mtls/documentation/api-reference/index.md).

## Environments {#environments}

| **Environment** | **Description** |
|-----------------|-----------------|
| Sandbox         | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration prior to moving to production. |
| Production      | Full production environment containing the latest production API release. |

