# API Basics
source: https://developer.mastercard.com/community-pass-payment-apis/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you have created a project using MCPP APIs.

### Transport and Payload Encryption {#transport-and-payload-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data are encrypted by default when transmitted across networks.

In addition to that, MCPP APIs uses end-to-end payload encryption to secure sensitive data like Personally Identifying Information (PII). You can manage your encryption keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard).
Tip: Do you want to learn more about the authentication scheme Mastercard ? Please refer to our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) and [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guides.

## How to Consume the MCPP APIs? {#how-to-consume-the-mcpp-apis}


Note: There are multiple ways of integrating with Community Pass Payment APIs:

1. Using a generated API client (recommended)
2. Using a Community Pass Payment APIs SDK (deprecated)
3. Using a method of your choice
--\>

<br />

### Generating your own MCPP APIs client {#generating-your-own-mcpp-apis-client}

Please refer to our [Tutorials and Guides](https://developer.mastercard.com/community-pass-payment-apis/documentation/api-tutorials/index.md).

### Using a method of your choice {#using-a-method-of-your-choice}

MCPP APIs expose a REST API. You are free to use any REST/HTTP client of your choice to leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and working with payload encryption and decryption.

Please refer to the [REST API Reference](https://developer.mastercard.com/community-pass-payment-apis/documentation/api-reference/index.md) for MCPP APIs to learn more.

## Environment Descriptions {#environment-descriptions}

|  Environment   |                             Url                              |                                                                         Description                                                                         |
|----------------|--------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Sandbox**    | <https://sandbox.api.mastercard.com/community-pass/payments> | Sandbox is a production-like environment to interact with the MCPP APIs. At this stage, use the Sandbox keys generated during the project creation.         |
| **Production** | <https://api.mastercard.com/community-pass/payments>         | You can request for approval to obtain the Production keys. Once approved, you can proceed to complete Production testing prior to launching your solution. |