# API Basics source: https://developer.mastercard.com/easy-savings-specials/documentation/api-basics/index.md ## API security {#api-security} ### Client authentication {#client-authentication} Easy Savings Specials Merchant Offers API uses OAuth 1.0a for authenticating client applications. OAuth requires you to sign each request with an RSA private key that you send to Mastercard. | Authentication Protocol | Details | |--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [OAuth 1.0a](https://oauth.net/core/1.0a/) | Mastercard uses OAuth 1.0a with a body hash extension for authenticating the API clients. OAuth 1.0a is an authentication and authorization protocol that guarantees the integrity and authenticity of incoming API calls and allows for non-repudiation of requests. | Sign requests with a body using the [Google request body hash](https://datatracker.ietf.org/doc/id/draft-eaton-oauth-bodyhash-00.html) extension for OAuth. You can set up your project's OAuth keys in the [project dashboard](https://developer.mastercard.com/dashboard) after you create the project. Tip: To understand the authentication method and the structure of the Authorization header used by Mastercard, refer to the [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide. ### Transport encryption {#transport-encryption} [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security) secures the transport between client applications and Mastercard, encrypting data by default during transmission. ## Environment descriptions {#environment-descriptions} The table describes the two different environments that are available. | **Environment** | **Description** | |-----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Sandbox | The sandbox environment is a pre-production test environment where developers can experiment with API calls without impacting real data or systems. It helps identify and resolve errors safely. To access the sandbox environment, select Easy Savings Special API when setting up [My Projects](https://developer.mastercard.com/dashboard). | | Production | The production environment is the live environment setting where the API interacts with actual users and the data environment. To access the production environment, you need to select Request Production Access in the [project dashboard](https://developer.mastercard.com/dashboard). | ## How to Consume the Easy Savings Specials Merchant Offers API? {#how-to-consume-the-easy-savings-specials-merchant-offers-api} Create customizable API clients from the Easy Savings Specials Merchant Offers API specification and let Mastercard's open-source client libraries handle the authentication for you. This approach offers the most flexibility and is strongly recommended. Follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the provided API specification, [offers-api-swagger.yml](https://static.developer.mastercard.com/content/easy-savings-specials/swagger/offers-api-swagger.yml) (18KB). ## Next steps {#next-steps} Now that you have an understanding of the services authentication, proceed to the [Quick Start Guide](https://developer.mastercard.com/easy-savings-specials/documentation/quick-start-guide/index.md) section to learn how to access the API and generate your credentials.