# REST API Basics source: https://developer.mastercard.com/iccp/documentation/api_basics/rest_api_basics/index.md > The section provides introductory information for integrating your application with the ICCP REST API. ## API Environments {#api-environments} Mastercard provides a sandbox and a production environment. You should test your integration in a sandbox environment to validate its operation. After completing your testing, request access to the production environment to go live. Access the environments using the following links: ## Environment Domains {#environment-domains} * Sandbox * Production ```Sandbox https://sandbox.apiedge.mastercard.com/product/commercial/real-card-account-service ``` ```Production https://apiedge.mastercard.com/product/commercial/real-card-account-service ``` ## Authentication {#authentication} Mastercard uses [OAuth 1.0a](https://oauth.net/core/1.0a/) for authenticating your application. You can manage your authentication keys from your Developer Dashboard. To learn how Mastercard uses the OAuth 1.0a standard for authentication, refer to the [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis/) article. ## Using Signing Keys {#using-signing-keys} The ICCP API requires a signing key and a consumer key to authorize your client API requests in both sandbox and production environments. If you do not include keys, or include incorrect or outdated keys, then the ICCP API responds with respective errors. ![](https://static.developer.mastercard.com/content/iccp/uploads/api-keys.png) ### Obtaining Keys {#obtaining-keys} You can obtain keys to these environments in the following ways: * **Sandbox keys** - By creating a new project on your dashboard. Refer to the [Quick Start Guide](https://developer.mastercard.com/iccp/documentation/quick-start-guide/index.md) topic for more details. * **Production keys** - By requesting production access for your project. ## Using Correlation ID {#using-correlation-id} The correlation ID provides a Universally Unique Identifier (UUID) to trace each API request across ICCP. The correlation ID is a single, unique ID that traces ICCP API calls across the Mastercard Network. ### Format {#format} * Unique, hyphen-separated alphanumeric string. We recommend the UUID algorithm, an industry standard that guarantees a high degree of uniqueness. * Length: 14-36 characters. * Example: 123e4567-e89b-12d3-a456-344555440000 You can supply a correlation ID in the `X-B3-TraceId` field in the HTTP request header in the format above. `X-B3-TraceId` is an industry standard field for passing trace information using HTTP headers. If you do not provide a correlation ID in a request, or if the value provided does not meet the requirements, Mastercard creates a new correlation ID for the request in the `X-B3-TraceId` field. Any API requests that require troubleshooting assistance by Mastercard, the correlation ID speeds up the tracing of the affected requests across the Mastercard Network. Note: If you are an existing ICCP SOAP API user, no additional onboarding is required. You can continue using your current project and API keys to access REST APIs. This ICCP REST APIs feature is not enabled by default for existing SOAP users. Please get in touch with your Mastercard representative to opt-in. ## Next Steps {#next-steps} Now that you have an understanding of the service's authentication and encryption, proceed to the [Quick Start Guide](https://developer.mastercard.com/iccp/documentation/quick-start-guide/index.md) section to learn how to access the API and generate your credentials.