# API Basics
source: https://developer.mastercard.com/locations/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project using Locations.
Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

### Transport Encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security/), which means data are encrypted by default when transmitted across networks.

## How to Consume the ATM Locations API? {#how-to-consume-the-atm-locations-api}

Note: There are multiple ways of integrating with the ATM Locations API:

1. Using a generated API client (recommended)
2. Using a method of your choice

### Generating your own ATM Locations API client {#generating-your-own-atm-locations-api-client}

Create customizable API clients from the ATM Locations API specification and let Mastercard's open-source client libraries handle the authentication for you. This approach offers the most flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the following [OpenAPI spec download](https://static.developer.mastercard.com/content/locations/swagger/atms-locations-api-spec.yaml)

* Please ignore steps 5 and 7 as the ATM Locations API does not currently have payload encryption.

### Using a method of your choice {#using-a-method-of-your-choice}

Locations exposes a REST API. You are free to use the HTTP client of your choice and can still leverage the Mastercard open-source [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) for signing your requests.

For that, please refer to the [API Reference Page](https://developer.mastercard.com/locations/documentation/api-reference/index.md).

## Environments {#environments}

| Environment |                                                                                                     Description                                                                                                     |
|-------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox     | *In the sandbox environment a mock service is running that provides sample responses. To access Sandbox select Locations when setting up [My Projects](https://developer.mastercard.com/dashboard/)*                |
| Production  | *In production you can access the live services. To access production you need to select [Request Production Access](https://developer.mastercard.com/dashboard/) in the ATM Locations API project you have setup.* |