# API Basics
source: https://developer.mastercard.com/india-online-dispute-resolution/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project using IODR.
Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

### Transport Encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data are encrypted by default when transmitted across networks.

Tip: Do you want to learn more about the authentication and encryption schemes Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) and [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guides.

## How to Consume the IODR API? {#how-to-consume-the-iodr-api}

Note: There are multiple ways of integrating with IODR API:

1. Using a generated API client (recommended)
2. Using a method of your choice

### Generating your own IODR API client {#generating-your-own-iodr-api-client}

Create customizable API clients from the IODR API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended.

To generate IODR API client, follow our \[Generating and Configuring a Mastercard API Client\] (<https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/>) tutorial with the API specification:
[IndiaOnlineDisputeResolution.yaml](https://static.developer.mastercard.com/content/india-online-dispute-resolution/swagger/IndiaOnlineDisputeResolution.yaml) (43KB)

The following API specification:
[IndiaOnlineDisputeResolution.yaml](https://static.developer.mastercard.com/content/india-online-dispute-resolution/swagger/IndiaOnlineDisputeResolution.yaml) (43KB)

The encryption configuration below (to be used at the "*Enable Encryption*" step):
* Java
* C#

```java
Certificate encryptionCertificate = EncryptionUtils.loadEncryptionCertificate(encryptionCertPath);
PrivateKey key = EncryptionUtils.loadDecryptionKey(keyFile, keyAlias, password);
JweConfig config = JweConfigBuilder.aJweEncryptionConfig().withEncryptionCertificate(encryptionCertificate)
                    .withEncryptionPath("$", "$").withEncryptedValueFieldName("encryptedValue")
                    .withDecryptionKey(key).withDecryptionPath("$.encryptedValue", "$")
                    .build();
```

```csharp
Certificate encryptionCertificate = EncryptionUtils.LoadEncryptionCertificate(encryptionCertPath);
PrivateKey key = EncryptionUtils.LoadDecryptionKey(keyFile, keyAlias, password);
JweConfig config = JweConfigBuilder.aJweEncryptionConfig().WithEncryptionCertificate(encryptionCertificate)
                    .WithEncryptionPath("$", "$").withEncryptedValueFieldName("encryptedValue")
                    .WithDecryptionKey(key).withDecryptionPath("$.encryptedValue", "$")
                    .Build();
```

### Using a method of your choice {#using-a-method-of-your-choice}

IODR exposes a REST API: use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and dealing with payload encryption.

For that, refer to the [API Reference](https://developer.mastercard.com/india-online-dispute-resolution/documentation/api-reference/index.md).

## Environments {#environments}

The table describes the two different environments that are available.

|             **Environment**              |                                                                                                                  **Description**                                                                                                                   |
|------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox - MTF (Mastercard Test Facility) | The pre-production test environment contains the latest pre-release or released version of the APIs, intended for full integration testing before moving to production. At this stage, use the Sandbox keys generated during the project creation. |
| Production                               | The production environment contains the latest production API release. You can request approval to obtain the Production keys. Once approved, you can proceed to complete testing in the Production environment before launching your solution.    |