# API Basics
source: https://developer.mastercard.com/eop-admin/documentation/api-basics/index.md

## Client authentication {#client-authentication}

To access Mastercard APIs, you will need to configure your API client to authenticate using one of the following supported authentication protocols.

| Authentication protocol |                                                                                                                            Description                                                                                                                             |                                                                     Reference information                                                                      |
|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|
| OAuth 1.0a              | This is the default authentication mechanism used by most APIs on Mastercard Developers. OAuth 1.0a is an authentication and authorization protocol that guarantee the integrity and authenticity of incoming API calls and allow for non-repudiation of requests. | [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) |
| OAuth 2.0               | Mastercard APIs use the OAuth 2.0 client credentials flow to authenticate API clients, and [FAPI 2.0](https://openid.bitbucket.io/fapi/fapi-security-profile-2_0.html), a security profile built for financial services.                                           | [Using OAuth 2.0 to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-2-to-access-mastercard-apis/)   |

You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project using Offers Merchant Content.

### Upgrade to OAuth 2.0 {#upgrade-to-oauth-20}

If your Mastercard Developers project uses OAuth 1.0a and the APIs in your project support OAuth 2.0, you can upgrade your project to support both authentication methods. To upgrade, follow the steps in the [Upgrading Keys to OAuth 2.0](https://developer.mastercard.com/platform/documentation/credential-management/oauth-key-management/#upgrading-keys-to-oauth-20) section.

## How to consume Offers Merchant Content {#how-to-consume-offers-merchant-content}

Note: There are multiple ways of integrating with Offers Merchant Content:

1. Using a generated API client (recommended)
2. Using a method of your choice

### Generate your own Offers Merchant Content client {#generate-your-own-offers-merchant-content-client}

Create customizable API clients from the Offers Merchant Content specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended.

Follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/generating-and-configuring-a-mastercard-api-client/) tutorial with the API specification on the [API Reference](https://developer.mastercard.com/eop-admin/documentation/api-reference/index.md) page.

### Use a method of your choice {#use-a-method-of-your-choice}

Offers Merchant Content exposes a REST API. You are free to use the REST/HTTP client of your choice and can still use the Mastercard open-source client libraries for signing your requests:

* [Client libraries for OAuth 1.0a](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries)
* [Client libraries for OAuth 2.0](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-2-to-access-mastercard-apis/#client-libraries)

<br />

Refer to the Offers Merchant Content [REST API Reference](https://developer.mastercard.com/eop-admin/documentation/api-reference/index.md) page for details.

## Environments {#environments}

The table describes the two different environments that are available.

| **Environment** |                                                                                                                                 **Description**                                                                                                                                 |
|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox         | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. Use your Sandbox keys to authenticate with this environment. The keys are set up when you create your project. |
| Production      | Full production environment containing the latest production API release.                                                                                                                                                                                                       |

## Next steps {#next-steps}

Now that you have an understanding of the authentication and encryption requirements, proceed to the [Quick Start Guide](https://developer.mastercard.com/eop-admin/documentation/quick-start-guide/index.md) section to learn how to access the API and generate your credentials.