# API Basics source: https://developer.mastercard.com/carbon-calculator/documentation/api-basics/index.md ## API Security {#api-security} ### Client Authentication {#client-authentication} Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project using the Carbon Calculator API. Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide. ### Transport Encryption {#transport-encryption} The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data is encrypted by default when transmitted across networks. In addition to that, Carbon Calculator uses end-to-end payload encryption to secure sensitive data like Personally Identifying Information (PII). You can manage your encryption keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard). Tip: Do you want to learn more about the encryption schemes Mastercard uses? For that, read our [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guides. ## How to Consume the Carbon Calculator API? {#how-to-consume-the-carbon-calculator-api} Note: There are multiple ways of integrating with the Carbon Calculator API. 1. Using a generated API client (recommended) 2. Using a method of your choice ### Generating your own {Carbon Calculator} API client {#generating-your-own-carbon-calculator-api-client} Create customizable API clients from the Carbon Calculator API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended. For this, follow the [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial. * The following [API specification](https://developer.mastercard.com/carbon-calculator/documentation/api-reference/index.md) * The encryption configuration below (to be used at the "*Enable Encryption*" step): * Java * C# ```java FieldLevelEncryptionConfig config = FieldLevelEncryptionConfigBuilder .aFieldLevelEncryptionConfig() .withEncryptionCertificate(encryptionCertificate) .withEncryptionPath("$", "$") .withEncryptedValueFieldName("encryptedData") .withEncryptedKeyFieldName("encryptedKey") .withOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm") .withOaepPaddingDigestAlgorithm("SHA-256") .withEncryptionKeyFingerprintFieldName("publicKeyFingerprint") .withIvFieldName("iv") .withFieldValueEncoding(FieldLevelEncryptionConfig.FieldValueEncoding.HEX) .build(); ``` ```csharp var fieldLevelEncryptionConfig = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig() .withEncryptionCertificate(encryptionCertificate) .withEncryptionPath("$", "$") .withEncryptedValueFieldName("encryptedData") .withEncryptedKeyFieldName("encryptedKey") .withOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm") .withOaepPaddingDigestAlgorithm("SHA-256") .withEncryptionKeyFingerprintFieldName("publicKeyFingerprint") .withIvFieldName("iv") .withFieldValueEncoding(FieldLevelEncryptionConfig.FieldValueEncoding.HEX) .build(); ``` ### Using a method of your choice {#using-a-method-of-your-choice} The Carbon Calculator exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and dealing with payload encryption. For this, refer to the Carbon Calculator [REST API Reference](https://developer.mastercard.com/carbon-calculator/documentation/api-reference/index.md). ## Environments {#environments} The table below describes the different environments that are available. | **Environment** | **Description** | |------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Sandbox - MTF (Mastercard Test Facility) | The pre-production test environment contains the latest pre-release or released version of the APIs, intended for full integration testing before moving to production. At this stage, use the sandbox keys generated during the project creation. | | Production | The production environment contains the latest production API release. You can request approval to obtain the production keys. Once approved, you can proceed to complete testing in the production environment before launching your solution. | ## Next Steps {#next-steps} Now that you have an understanding of the services authentication and encryption, proceed to the [Quick Start Guide](https://developer.mastercard.com/carbon-calculator/documentation/quick-start-guide/index.md) section to learn how to access the API and generate your credentials.