# API Basics
source: https://developer.mastercard.com/commercial-connect-api/documentation/api-basics/index.md

## API Security {#api-security}

The section provides introductory information for integrating your application with the Mastercard Commercial Connect API.

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your Developer Dashboard after you create a project.

|          Authentication Protocol           |                                                                                                                                Details                                                                                                                                |
|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [OAuth 1.0a](https://oauth.net/core/1.0a/) | Mastercard uses OAuth 1.0a with a body hash extension for authenticating the API clients. OAuth 1.0a is an authentication and authorization protocol that guarantees the integrity and authenticity of incoming API calls and allows for non-repudiation of requests. |

Do you want to learn more about the authentication scheme Mastercard uses?
Read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

### Transport Encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data is encrypted by default when transmitted across networks.

## Environment Descriptions {#environment-descriptions}

The Commercial Connect API provides multiple environments to support different phases of integration and testing.

| Environment |                                                                                                                                                                                Description                                                                                                                                                                                |                   URL                    |
|-------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------|
| Sandbox     | The sandbox environment provides a simulated transaction processing environment for initial integration and testing. Developers can send test authorization requests and receive simulated responses without affecting production systems. Access requires project setup in [Mastercard Developers](https://developer.mastercard.com/dashboard) and OAuth authentication. | `https://sandbox.apiedge.mastercard.com` |
| Production  | The production environment processes live payment transactions with full integration to Mastercard global networks. Access requires completion of certification testing, security reviews, and operational readiness assessments. Production deployment includes ongoing monitoring and support processes.                                                                | `https://apiedge.mastercard.com`         |

## How to Consume the API {#how-to-consume-the-api}

### Generating your own Mastercard Commercial Connect API Client {#generating-your-own-mastercard-commercial-connect-api-client}

Create customizable API clients from the Mastercard Commercial Connect API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended.

To learn how to generate your own client, follow our guide: [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/generating-and-configuring-a-mastercard-api-client/) tutorial using:

1. Download the following Mastercard Commercial Connect API specification file. [commercial-connect-api.yaml](https://static.developer.mastercard.com/content/commercial-connect-api/swagger/commercial-connect-api.yaml) (129KB)
2. Generate an API client using the [OpenAPI Generator](https://openapi-generator.tech/docs/installation) and the development framework of your choice (see also: [Generators List](https://openapi-generator.tech/docs/generators/)).
3. Configure your client using our client libraries. These libraries are available in several languages, and we recommend that you utilize these libraries for OAuth authentication.

|                      | ![Java](https://static.developer.mastercard.com/content/commercial-connect-api/uploads/java.svg) | ![C#](https://static.developer.mastercard.com/content/commercial-connect-api/uploads/csharp.svg) | ![Python](https://static.developer.mastercard.com/content/commercial-connect-api/uploads/python.svg) | ![Node.js](https://static.developer.mastercard.com/content/commercial-connect-api/uploads/nodejs.svg) |
|----------------------|--------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------|
| **Download/install** | [Java](https://central.sonatype.com/artifact/com.mastercard.developer/oauth1-signer)             | [C#](https://www.nuget.org/packages/Mastercard.Developer.OAuth1Signer.Core)                      | [Python](https://pypi.org/project/mastercard-oauth1-signer/)                                         | [Node.js](https://www.npmjs.com/package/mastercard-oauth1-signer)                                     |
| **View on GitHub**   | [Java](https://github.com/Mastercard/oauth1-signer-java)                                         | [C#](https://github.com/Mastercard/oauth1-signer-csharp)                                         | [Python](https://github.com/Mastercard/oauth1-signer-python)                                         | [Node.js](https://github.com/Mastercard/oauth1-signer-nodejs)                                         |

To get started, add the package that matches your application development language to your project. You can also refer to the different README.md files for detailed how-to information.

## Next Steps {#next-steps}

Now that you have an understanding of the services authentication, proceed to the [Quick Start Guide](https://developer.mastercard.com/commercial-connect-api/documentation/quick-start-guide/index.md) section to learn how to access the API and generate your credentials.
