# Security
source: https://developer.mastercard.com/consent-management/documentation/oauth-security/index.md

## Security {#security}

### In short {#in-short}

* Mastercard uses OAuth 1.0a for authenticating client applications
* Requests with a body must be signed using the Google Request Body Hash extension for OAuth
* OAuth Keys for your project can be set up in your dashboard
* Client authentication libraries can be found on GitHub, with how-to information provided in README.md files

### OAuth keys \& authentication libraries {#oauth-keys--authentication-libraries}

For further details, refer to [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis/)