# Getting Started with the APIs using OAuth1.0A source: https://developer.mastercard.com/cross-border-services/documentation/api-basics/getting-started-oauth1a/index.md Follow the below listed step by step instructions to connect to the Cross-Border Services APIs using [OAuth1.0A](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) as an authentication mechanism. Alert: If you are a Customer contracted with MTS EU or MTS UK, you must use [OAuth2.0 Authorization Code flow](https://developer.mastercard.com/cross-border-services/documentation/oauth2-access-token-based-authentication-details/index.md) for Balance APIs and [OAuth2.0 Request Token based flow](https://developer.mastercard.com/cross-border-services/documentation/oauth2-request-token-based-authentication-details/index.md) for all APIs (except Balance API) as the authentication mechanism to ensure compliance with the relevant jurisdiction based Regulatory Technical Standards (either EU or UK) derived from the Revised Payment Services Directive (PSD2). Please proceed to [Getting Started with APIs using OAuth2.0](https://developer.mastercard.com/cross-border-services/documentation/api-basics/getting-started-oauth2/index.md) for step by step instructions on how to setup. ## Step 1: Create Project and Project Keys {#step-1-create-project-and-project-keys} To start using the Cross-Border Service APIs, you must create a [Mastercard Developers account](https://developer.mastercard.com/account/sign-up) and then create a project choosing the **Mastercard Cross-Border Services** API service. The project will generate the project keys required to use the APIs in each of the environments. The [Quick Start Guide](https://developer.mastercard.com/cross-border-services/documentation/tutorials/guide-create-project/index.md) provides detailed information about creating a project and downloading the project keys. In case, if you have an existing project, refer [Adding a new service to an existing project](https://developer.mastercard.com/cross-border-services/documentation/tutorials/guide-create-project/#adding-a-new-service-to-an-existing-project). Note: Project keys are subject to annual renewal. Mastercard recommends that you use a group email address when creating your project to ensure that team members can access the Mastercard Developers account used for testing and production. For more details, see [Project Keys](https://developer.mastercard.com/cross-border-services/documentation/api-basics/api-security/index.md#project-keys) ## Step 2: Connect to the API {#step-2-connect-to-the-api} You start connecting to the API in the **sandbox** environment, where you access API stubs that return simulated, static responses. See [Mastercard Environments](https://developer.mastercard.com/cross-border-services/documentation/api-basics/environments/index.md) for details. The Cross-Border Service APIs are RESTful APIs with OAuth security. So for all environments, your API requests must have an OAuth 1.0a Authorization Header for authentication and your request payload must be encrypted. ### ++a) Authentication:++ {#ua-authenticationu} Generate the OAuth 1.0a Authorization Header using the appropriate Signing Key and Consumer Key. You can implement your own OAuth 1.0a header or use the relevant Mastercard OAuth libraries (available on [GitHub](https://github.com/Mastercard?utf8=%E2%9C%93&q=oauth)). For guidance, refer to the README.md file with the libraries. For detailed information on using OAuth 1.0a with the Cross-Border Service APIs and generating Authorization Headers, see [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis) ### ++b) Encryption:++ {#ub-encryptionu} All the request payload sent by you to Mastercard must be encrypted. And you will need to decrypt the response payload sent by Mastercard. For more detailed information on payload **Encryption/ Decryption** , please see [here](https://developer.mastercard.com/cross-border-services/documentation/api-ref/encryption/index.md) **Note**: API error responses are not encrypted. ### ++c) Connection:++ {#uc-connection-u} Connect to Cross-Border Service API, using any of the below two options: #### ++Option 1: Direct Integration with APIs (using any REST client)++ {#uoption-1-direct-integration-with-apis-using-any-rest-client-u} For your convenience, we have created a Reference application that demonstrates how to connect to the various Cross-Border Service APIs using a REST client. You may download the sample reference application [here](https://github.com/Mastercard/crossborder-services-reference-application). **Note**: The application built is for reference purposes only. Your production application does not need to function the same way. Look at the [Reference App Tutorial](https://developer.mastercard.com/cross-border-services/documentation/ref-app/reference-app-tutorial/index.md) if you need further help. #### ++Option 2: Generate SDK to integrate with APIs++ {#uoption-2-generate-sdk-to-integrate-with-apisu} Another way is to generate a simple client using the [OpenAPI Generator](https://openapi-generator.tech/docs/integrations/) along with the [Mastercard libraries for authentication](https://github.com/Mastercard?utf8=%E2%9C%93&q=oauth) and use the client to connect to the Mastercard Cross-Border Services APIs. Take a look at the [API Tutorial](https://developer.mastercard.com/cross-border-services/documentation/tutorials/api-sdk-tutorial/index.md) that shows a simple example on how to make an API call by generating client SDK to connect to the Cross-Border Service API. ## Next Steps {#next-steps} 1. Once you have successfully connected to the Cross-Border Service APIs, you will be able to test the APIs in the sandbox environment. Please refer to the respective APIs under [API Reference](https://developer.mastercard.com/cross-border-services/documentation/api-ref/index.md) for the sandbox test cases and sample request/ response. 2. Prior to the next phase of testing, a project should be opened to properly assign resources. Mastercard will ensure eligibility requirements are met. 3. When you are ready to test with the full APIs and have met the eligibility requirements, you can ask your Mastercard representative for access to the MTF environment as shown [here](https://developer.mastercard.com/cross-border-services/documentation/guide-mtf-access/index.md) 4. For MTF testing, your assigned Mastercard implementation manager will provide you a **Partner ID** assigned to your organization, a detailed test plan and test cases specific to your program requirements and the destination endpoints you have selected. 5. Once you have successfully made test requests and your application has appropriately handled the responses, you will be provided a detailed **Technical Endpoint Guide** unique to your program requirements that will include specific information about the fields required vs. optional based on the destination endpoints you have selected. It is required that you perform development against these specifications prior to the next phase of testing. 6. Once MTF testing is complete, you can request Production access for your project (refer [step-by-step guide](https://developer.mastercard.com/cross-border-services/documentation/tutorials/guide-move-to-production/index.md) ), which requires approval from Mastercard and assistance from the Mastercard's Customer Implementation Services (CIS) Team.