# API Basics
source: https://developer.mastercard.com/locations-merchants/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you have created a project using Locations.

Tip: To learn more about the authentication scheme Mastercard uses, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

### Transport Encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security/), which means data is encrypted by default when transmitted across networks.

## How to Consume the Location Services API? {#how-to-consume-the-location-services-api}

Note: There are multiple ways of integrating with the Location Services API:

1. Using a generated API client (recommended)
2. Using a method of your choice

### Generating your own Location Services API client {#generating-your-own-location-services-api-client}

Create customizable API clients from the Location Services API specification and let Mastercard's open-source client libraries handle the authentication for you. This approach offers the most flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial, using the following [OpenAPI spec download](https://static.developer.mastercard.com/content/locations-merchants/swagger/merchants-locations-api-spec.yaml).

* Please ignore steps 5 and 7 as the Location Services API does not currently have payload encryption.

### Using a method of your choice {#using-a-method-of-your-choice}

Locations exposes a REST API. You are free to use the HTTP client of your choice and can still leverage the Mastercard open-source [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) for signing your requests.

For that, please refer to the [API Reference Page](https://developer.mastercard.com/locations-merchants/documentation/api-reference/index.md).

## Environments {#environments}

| Environment | Description |
|-------------|-------------|
| Sandbox     | *In the sandbox environment, a mock service is running that provides sample responses. To access Sandbox, select Locations when setting up [My Projects](https://developer.mastercard.com/dashboard/).* |
| Production  | *In production, you can access the live services. To access production, you need to select [Request Production Access](https://developer.mastercard.com/dashboard/) in the Location Services API project you have set up.* |

