# Quick Start Guide
source: https://developer.mastercard.com/mastercard-agent-pay/documentation/quick-start-guide/index.md
๐ Please use the different Quick Start Guide templates depending on your service type, e.g. Traditional API / Outbound API / Hosted Documentation API.
## Overview {#overview}
The {Pet Store} service provides a set of APIs that let you consume pet data in a variety of ways for efficient and secure querying, updating and deleting. This tutorials guides you through the process of onboarding to the service and consuming the data exposed by it.
Tip: **Postman Collections Quick Start:** If you are already ready to start making calls you can head over to our [Postman Collections page](https://developer.mastercard.com/mastercard-agent-pay/documentation/postman-collections/index.md) to leverage Sandbox and Production environments without having to write code.
> #### You Can Follow this Guide to Learn: {#you-can-follow-this-guide-to-learn}
>
> * How to create a project for the service.
> * How Mastercard Developers approaches authentication.
> * How to generate your credentials and API client.
> * How to get access to Sandbox and Production.
๐If your API uses encryption include step 11, if it does not then do not include it.
## Accessing The API {#accessing-the-api}
1. Navigate to [Mastercard Developers](https://developer.mastercard.com/) and click sign up and create an account.
2. Activate your account by opening the link sent to your email address, and log in.
3. Request access to the API if needed. APIs with a 'lock icon' require permission to view their documentation and create a project. To gain access to these services, you will need to submit an access request form. Once submitted, you will receive an email confirmation approving or denying your access.
## Generate Your Credentials {#generate-your-credentials}
To generate your Sandbox and Production credentials you must create a new Mastercard Developers project. Generating Sandbox credentials will give you access to our Sandbox, which has rich, mocked data, that will help you understand the API.
1. Create a project on your [My Projects](https://developer.mastercard.com/dashboard) page.
2. Name your project.
3. Indicate whether you are creating a project on behalf of a client. Note: Check "yes" if you are creating an API integration project for a customer. For example, you could be an integrator, a processor, or a service provider and the customer could be a merchant, issuer, or acquirer.
4. Provide the client company name and client company address (if applicable).
5. In the **'Select your API service'** field, select **'{Your Service Name}'** .
6. Provide the commercial countries for the project. This field represents where your client is doing business. Note: If you are creating a project on-behalf of a client, the Commercial countries represent where your client is doing business.
7. Proceed to create your 'Project Credentials' and select the 'OAuth 1.0' radio button. 
8. Scroll down and create a key alias and keystore password, note this. 
9. Download your PKCS#12 (.p12) keystore file and save it in a safe place.
10. Save your Sandbox credentials.
11. Proceed to generate your 'Additional Credentials' (such as JWE encryption keys), this will be done automatically after you click 'Create Project' 
12. Once you complete this flow you will land on the Project page. From the Project page take note of your: 1) Sandbox and Production status ('Ready/ Not Requested'), 2) Sandbox and Production credentials: authentication consumer key and client encryption key fingerprint. 
## Integrate {#integrate}
### Generate your own API client {#generate-your-own-api-client}
1. Navigate to the API documentation page.
2. Download the API specification (OpenAPI or Swagger).
3. Generate and configure an API client for this API.
4. Configure your client using our [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries).
### Testing the service {#testing-the-service}
You can test our service using three different methods:
1. Using Postman: If you are using Postman, please follow our [Postman Tutorial](https://developer.mastercard.com/platform/tutorial/use-postman-for-mastercard-apis/)
2. Using Insomnia: If you are using Insomnia, please follow our [Insomnia Tutorial](https://developer.mastercard.com/platform/tutorial/use-insomnia-rest-client-for-mastercard-apis/)
3. Using our Reference Application: If you are using our reference application, please go to our [Reference Application](https://developer.mastercard.com/mastercard-agent-pay/documentation/reference-app/index.md) page.
For more information on testing, see our [Integration and Testing](https://developer.mastercard.com/mastercard-agent-pay/documentation/integration-and-testing/index.md) page.
Note: For a detailed step-by-step guide, see [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/).
## Go-Live {#go-live}
After you have tested your implementation in our Sandbox environments, it is time to **Move to Production**.
### Steps to move to production {#steps-to-move-to-production}
1. Within your project, select "Request Production Access". 
2. Enter your Production key alias and keystore password. 
3. Save your key alias and keystore password for future reference.
4. Confirm and download your Production keys. Note: Production Credentials are generated instantaneously, but they still need to be approved for Production environment access before you can go live. Once your Production access request has been reviewed, you will receive a notification confirming your access has been approved or denied.
## Onboarding Requirements {#onboarding-requirements}
๐Outline the onboarding requirements. If your Outbound API has a 'create project flow' on Mastercard Developers, use the following:
๐If your API uses encryption include step 11, if it does not then do not include it.
## Accessing The API {#accessing-the-api}
1. Navigate to [Mastercard Developers](https://developer.mastercard.com/) and click sign up and create an account.
2. Activate your account by opening the link sent to your email address, and log in.
3. Request access to the API if needed. APIs with a 'lock icon' require permission to view their documentation and create a project. To gain access to these services, you will need to submit an access request form by clicking on the lock icon. Once submitted, you will receive an email confirmation approving or denying your access.
## Generate Your Credentials {#generate-your-credentials}
To generate your Sandbox and Production credentials you must create a new Mastercard Developers project. Generating Sandbox credentials will give you access to our Sandbox, which has rich, mocked data, that will help you understand the API.
1. Create a project on your [My Projects](https://developer.mastercard.com/dashboard) page.
2. Name your project.
3. Indicate whether you are creating a project on behalf of a client.
Note: Check "yes" if you are creating an API integration project for a customer. For example, you could be an integrator, a processor, or a service provider and the customer could be a merchant, issuer, or acquirer.
4. Provide the client company name and client company address (if applicable).
5. In the 'Select your API service' field select 'Mastercard Golden Reference Service OAuth 1.0a'.
6. Provide the commercial countries for the project. This field represents where your client is doing business.
Note: If you are creating a project on-behalf of a client, the Commercial countries represent where your client is doing business.
7. Proceed to create your 'Project Credentials'. Create a key alias and keystore password, note this.
8. Click on "Download key file" and keep the downloaded Sandbox .p12 file safe.
9. Proceed to generate your 'Additional Credentials' (such as JWE encryption keys), this will be done automatically after you click 'Create Project'
10. Once you complete this flow, click on the 'Open Project' button to reach the project page. You will land on the Project page, from the Project page take note of your: 1) Sandbox and Production status ('Ready/ Not Requested'), 2) Sandbox and Production credentials: authentication consumer key and client encryption key fingerprint.
Warning: **Key Expiry:** Mastercard {Pet Store} Sandbox and Production Keys will expire after 30 days. You will have to generate a new set of keys after they expire.
## Integrate {#integrate}
### Generate your own API client {#generate-your-own-api-client}
1. Navigate to the API documentation page.
2. Download the API specification (OpenAPI or Swagger).
3. Generate and configure an API client for this API.
4. Configure your client using our [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries).
For a detailed step-by-step guide, see [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/).
## Go-Live {#go-live}
After you have tested your implementation in our Sandbox environments, it is time to **Move to Production**.
### Steps to move to production {#steps-to-move-to-production}
1. Within your project, select "Request Production Access". 
2. Enter your Production key alias and keystore password. 
3. Save your key alias and keystore password for future reference.
4. Confirm and download your Production keys.
Note: Production Credentials are generated instantaneously, but they still need to be approved for Production environment access before you can go live. Once your Production access request has been reviewed, you will receive a notification confirming your access has been approved or denied.
๐If your API Outbound API does not have a 'create project flow' on Mastercard Developers or has additional enrollment/implementation steps use the following structure:
## Eligibility and Enrollment {#eligibility-and-enrollment}
* Ensure all eligibility prerequisites are met (e.g., company eligibility, legal compliance).
* Complete necessary enrollment, franchise and onboarding forms.
* Have a kick-off meeting with partners/acquirers/issuers to confirm the scope, timeliness and access rights.
* Contact Mastercard Customer Implementation Service (CIS) representatives (or support team representaties) and provide your service details (company name, client name, customer ID etc.).
## Access and Credentialing {#access-and-credentialing}
* Gain access to Mastercard Connect Portal, or Key Management Portals, or other required platforms.
* Obtain Company ID (CID), client ID, API credentials, and authentication details.
* Exchange encryption keys, certificates, data permissions and security credentials.
## Project Creation \& Configuration {#project-creation--configuration}
* Create a project in our Developer Portal ๐Link to external site if portal is external, link to MCD if portal is internal.
* Configure project settings, security parameters, and API access.
* Define and validate API endpoint details.
## Integration (If SDK or similar) {#integration-if-sdk-or-similar}
* Ensure security and data exchange protocols meet Mastercard's compliance requirements. Establish backend connectivity (e.g., server-to-server communication, encryption, mTLS).
* Set up frontend/backend integration models (e.g., SDK-based, dual app, or direct API calls).
* Configure authentication and authorization mechanisms.
## Generate Your Own API Client {#generate-your-own-api-client}
* Navigate to the API documentation page.
* Download the API specification (OpenAPI or Swagger).
* Generate and configure an API client for this API.
* Configure your client using our [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries).
* For a detailed step-by-step guide, see [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/).
## Testing and Go-Live {#testing-and-go-live}
* Ensure security and data exchange protocols meet Mastercard's compliance requirements.
* Establish a Sandbox environment and start using the mocked test data.
* Validate integration via the Mastercard Test Facility (MTF). Request access via the customer implementation team if needed.
* After you have tested your implementation in our Sandbox and MTF environments, it is time to **Move to Production**. For Production access, ensure you meet the requirements and contact the support implementation team {email address here}.
## Eligibility and Enrollment {#eligibility-and-enrollment}
* Ensure all eligibility prerequisites are met (e.g., company eligibility, legal compliance).
* Complete necessary enrollment, franchise and onboarding forms.
* Have a kick-off meeting with partners/acquirers/issuers to confirm the scope, timeliness and access rights.
* Contact Mastercard Customer Implementation Service (CIS) representatives (or support team representaties) and provide your service details (company name, client name, customer ID etc.).
## Access and Credentialing {#access-and-credentialing}
* Gain access to Mastercard Connect Portal, or Key Management Portals, or other required platforms.
* Obtain Company ID (CID), client ID, API credentials, and authentication details.
* Exchange encryption keys, certificates, data permissions and security credentials.
## Project Creation \& Configuration {#project-creation--configuration}
* Create a project in our Developer Portal ๐Link to external site if portal is external, link to MCD if portal is internal.
* Configure project settings, security parameters, and API access.
* Define and validate API endpoint details.
## Integration (If SDK or similar) {#integration-if-sdk-or-similar}
* Ensure security and data exchange protocols meet Mastercard's compliance requirements. Establish backend connectivity (e.g., server-to-server communication, encryption, mTLS).
* Set up frontend/backend integration models (e.g., SDK-based, dual app, or direct API calls).
* Configure authentication and authorization mechanisms.
## Generate Your Own API Client {#generate-your-own-api-client}
* Navigate to the API documentation page.
* Download the API specification (OpenAPI or Swagger).
* Generate and configure an API client for this API.
* Configure your client using our [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries).
* For a detailed step-by-step guide, see [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/).
## Testing and Go-Live {#testing-and-go-live}
* Ensure security and data exchange protocols meet Mastercard's compliance requirements.
* Establish a Sandbox environment and start using the mocked test data.
* Validate integration via the Mastercard Test Facility (MTF). Request access via the customer implementation team if needed.
* After you have tested your implementation in our Sandbox and MTF environments, it is time to **Move to Production**. For Production access, ensure you meet the requirements and contact the support implementation team {email address here}.
## Next Steps {#next-steps}
๐ Tell them to proceed to the Use Cases section.
Now that you have access to the service, you can begin testing, proceed to the [Use Cases](https://developer.mastercard.com/mastercard-agent-pay/documentation/use-cases/index.md) section to learn about the different use cases of the service.