# API Basics
source: https://developer.mastercard.com/flight-delay-pass/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses one-legged OAuth 1.0a to authenticate and authorize client applications. To access Flight Delay Pass Service API, you must authenticate your client applications. This means that you have to digitally sign every request sent to Mastercard, and only requests with valid signatures created by authorized clients can gain access to the Mastercard Flight Delay Pass service.

You can manage your authentication keys from your [dashboard](https://developer.mastercard.com/dashboard) after you created a project using Flight Delay Pass Service.
Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

### Transport Encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data are encrypted by default when transmitted across networks.

In addition to that, Flight Delay Pass Service uses JWE to provide end-to-end payload encryption and decryption to secure sensitive data like Personally Identifying Information (PII).
You can manage your encryption keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard).
Tip: Do you want to learn more about the authentication and encryption schemes Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) and [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guides.

Mastercard provides open-source client libraries for [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) . Internally it uses the below algorithms


Key Encryption Algorithm : RSA_OAEP_256


Content Encryption Algorithm : A256GCM

## How to Consume the Flight Delay Pass Service API? {#how-to-consume-the-flight-delay-pass-service-api}

### Generating your own Flight Delay Pass Service API client {#generating-your-own-flight-delay-pass-service-api-client}

Create customizable API clients from the Flight Delay Pass Service API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers the more flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the following API specification:
[FlightDelayPassSpec.yaml](https://static.developer.mastercard.com/content/flight-delay-pass/swagger/FlightDelayPassSpec.yaml) (16KB)

### Using a method of your choice {#using-a-method-of-your-choice}

Flight Delay Pass Service exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and dealing with payload encryption.

For that, please refer to the Flight Delay Pass Service [REST API Reference](https://developer.mastercard.com/flight-delay-pass/documentation/api-reference/index.md).

## Environments {#environments}

|        **Environment**        |                                                                                  **Description**                                                                                   |
|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox                       | Pre-production test environment containing the latest pre-release version of the real APIs, intended to experience the immediate usage of the APIs by adding '/sandbox' to the url |
| Mastercard Test Facility(MTF) | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration prior to moving to production                            |
| Production                    | Full production environment containing the latest production API release.                                                                                                          |