# API Basics source: https://developer.mastercard.com/commercial-event-notifications/documentation/api-basics/index.md The commercial Event Notifications API is an HTTP-based RESTful API that uses OAuth 1.0a for authorization. Mastercard provides a sandbox and a production environment to access this API using API keys. ## API Protocol {#api-protocol} The commercial Event Notifications API uses HTTP POST requests to communicate and HTTP response codes to indicate the status and errors. * To ensure data privacy, the API is served over HTTPS [TLS v1.1+](https://en.wikipedia.org/wiki/Transport_Layer_Security). * All requests must include a `Content-Type` of `application/json` and the request body, when present, must be a valid JSON message. ## API Environments {#api-environments} Test your integration in the sandbox environment to ensure that the integration fully meets your requirements. Once your application is complete and fully tested, use the production environment to go live. Access the environments using the following links: | Environment name | Description | Link | |------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------| | Sandbox | The pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. | `https://sandbox.api.mastercard.com/commercial-event-notifications` | | Production | The full production environment containing the latest production API release. | `https://api.mastercard.com/commercial-event-notifications` | For a complete list of API calls, refer to the [API Reference](https://developer.mastercard.com/commercial-event-notifications/documentation/parameters/index.md) section. ## Authentication {#authentication} Access the event notifications API through the Mastercard API gateway. It uses the [OAuth 1.0a](https://oauth.net/core/1.0a/) standard to authenticate API requests from your client application. For outbound API requests made by Mastercard to your client application, TLS is used by default. However, upon request, you can configure the use of mTLS and even OAuth 2.0 for these outbound scenarios. * When you build the provided reference application, the `Mastercard oauth1-signer-java OAUTH 1.0a` for JAVA is automatically downloaded as one of the dependencies. * You can also manually download this from [here](https://github.com/Mastercard?q=oauth). Mastercard provides an [OAuth](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis/#insomnia-plugin) plugin to use it with the Insomnia tool to test the sample event notifications API requests from the [Parameters](https://developer.mastercard.com/commercial-event-notifications/documentation/parameters/index.md) chapter. To learn how Mastercard uses the OAuth 1.0a standard for authentication, refer to the [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis/) article. ## Using Signing Keys {#using-signing-keys} The Commercial Event Notifications service requires a signing key and a consumer key to authorize your client API requests in both sandbox and production environments. If you do not include valid credentials in your requests, you will receive an error response. ### Obtaining Keys {#obtaining-keys} You obtain keys to the sandbox and production environments as follows: * **Sandbox keys** - When you create a new project on your dashboard you will be issued with sandbox keys. Refer to the [Getting Started](https://developer.mastercard.com/commercial-event-notifications/documentation/quick-start-guide/index.md) topic for more details. * **Production keys** - By clicking on "Request Production Access" in your project and following the steps, you will be issued with production keys and a request will be raised to grant you access to the production environment.