# API Basics
source: https://developer.mastercard.com/identity-insights-for-accounts/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses Mutual Transport Layer Security (MTLS) to authenticate your application. You can manage your authentication keys from your [Mastercard Connect KMP portal](https://www.mastercardconnect.com/-/sign-in) after you have created a project that uses the Identity Insights for Accounts API.
Tip: Do you want to learn more about the authentication scheme Mastercard uses? Read our [Using MTLS to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-mtls-to-access-mastercard-apis/) guide.

### Transport Encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data is encrypted by default when transmitted across networks.

In addition, Identity Insights for Accounts uses JSON Web Encryption (JWE) to provide end-to-end payload encryption that secures sensitive data such as Personally Identifiable Information (PII).
You can manage your encryption keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard).
Tip: Do you want to learn more about the authentication and encryption schemes Mastercard uses? Read our [Using MTLS to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-mtls-to-access-mastercard-apis/) and [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guides.

## How to Consume the Identity Insights for Accounts API {#how-to-consume-the-identity-insights-for-accounts-api}

Note: There are multiple ways of integrating with Identity Insights for Accounts:

1. Using a generated API client (recommended)
2. Using a method of your choice

### Generating Your Own Identity Insights for Accounts API Client {#generating-your-own-identity-insights-for-accounts-api-client}

Create customizable API clients from the Identity Insights for Accounts API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the following API specification:
[IIA-swagger-public.yaml](https://static.developer.mastercard.com/content/identity-insights-for-accounts/swagger/IIA-swagger-public.yaml) (27KB)

### Using a Method of Your Choice {#using-a-method-of-your-choice}

Identity Insights for Accounts exposes a REST API. You are free to use the REST/HTTP client of your choice and still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-mtls-to-access-mastercard-apis/#client-libraries) and client encryption libraries for signing your requests and dealing with payload encryption.

For this, please refer to the Identity Insights for Accounts service [REST API Reference](https://developer.mastercard.com/identity-insights-for-accounts/documentation/api-reference/index.md).

To get started, simply add to your project the package matching your application development language. You can also refer to the different [README.md](https://github.com/Mastercard/client-encryption-csharp/blob/main/README.md) files for detailed how-to information.

The following JWE Header Parameters should be included while encrypting data.

| **JWE Header Parameter** |                                                        **Description**                                                        |
|--------------------------|-------------------------------------------------------------------------------------------------------------------------------|
| enc                      | Content Encryption algorithm. Must have a value of A256GCM                                                                    |
| alg                      | Key Encryption algorithm. Must have a value of RSA-OAEP-256                                                                   |
| cty                      | Content type of the encrypted payload. Value: application/json                                                                |
| kid                      | Contains the public key fingerprint ID (the value is displayed under the Client Encryption Keys section of the project page). |

### Body {#body}

The request body for API calls to IDV carries the encrypted data, as shown below. Replace the JWE Payload string below with your encrypted message.

```json
{
  "encryptedData": "JWE Payload"
}
```

Tip: We strongly encourage you to use existing libraries rather than implementing the encryption and decryption steps yourself.
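The following pre-flight check is an added example, not Mastercard code or part of the Mastercard client libraries. It inspects a request body before it is sent and reports where the compact JWE in `encryptedData` departs from the header parameters in the table above. The function names, the sample `kid` value, and the filler segments are assumptions constructed for illustration.

```python
import base64
import json

# Values required by the header-parameter table above.
REQUIRED = {"enc": "A256GCM", "alg": "RSA-OAEP-256", "cty": "application/json"}

def b64url_decode(part):
    # Compact JWE segments are unpadded base64url; restore padding first.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_request_body(body_text):
    """Return a list of problems in an {"encryptedData": "<compact JWE>"} body."""
    try:
        body = json.loads(body_text)
    except ValueError:
        return ["body is not valid JSON"]
    token = body.get("encryptedData") if isinstance(body, dict) else None
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 5:
        return ["encryptedData is not a five-part compact JWE"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        key, iv, ciphertext, tag = (b64url_decode(p) for p in parts[1:])
    except ValueError:
        return ["a JWE segment is not valid base64url or JSON"]
    if not isinstance(header, dict):
        return ["protected header is not a JSON object"]
    problems = [f"{name} must be {want}, got {header.get(name)!r}"
                for name, want in REQUIRED.items() if header.get(name) != want]
    if not isinstance(header.get("kid"), str) or not header["kid"]:
        problems.append("kid (public key fingerprint) is missing")
    if not key or not ciphertext:
        problems.append("encrypted key or ciphertext segment is empty")
    # A256GCM in JWE uses a 96-bit IV and a 128-bit authentication tag (RFC 7518).
    if len(iv) != 12 or len(tag) != 16:
        problems.append("IV must be 12 bytes and tag 16 bytes for A256GCM")
    return problems

def make_sample(header):
    # Constructed sample: filler bytes of plausible sizes, not real ciphertext.
    segments = [json.dumps(header).encode(), b"\x01" * 256, b"\x02" * 12,
                b"\x03" * 40, b"\x04" * 16]
    token = ".".join(b64url_encode(s) for s in segments)
    return json.dumps({"encryptedData": token})
```

Run against the literal body shown above, the check reports that `encryptedData` is not a five-part compact JWE, which catches a placeholder that was never replaced.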

## Environments {#environments}

The table below describes the two different environments that are available.

| **Environment** |                                                                                                                        **Description**                                                                                                                        |
|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox         | The pre-production test environment contains the latest pre-release or released version of the APIs and is intended for full integration testing before moving to production. At this stage, use the Sandbox keys generated during the project creation step. |
| Production      | The production environment contains the latest production API release. Request approval is required to obtain the Production keys. Once approved, complete testing in the Production environment before launching your solution.                              |

