# API Basics source: https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/api-basics/index.md ## Authentication {#authentication} * Mastercard uses [OAuth 1.0a](https://tools.ietf.org/html/rfc5849) for authenticating client applications * Requests with a body must be signed using the [Google Request Body Hash extension](https://tools.ietf.org/id/draft-eaton-oauth-bodyhash-00.html) for OAuth * OAuth Keys for your project can be set up in your [dashboard](https://developer.mastercard.com/dashboard) * Client authentication libraries can be found on [GitHub](https://github.com/Mastercard?&q=oauth), with how-to information provided in [README.md](https://github.com/Mastercard/oauth1-signer-java/blob/master/README.md) files ## How to Consume the Priceless Platform API {#how-to-consume-the-priceless-platform-api} Note: There are multiple ways of integrating with the Priceless Platform API: 1. Using a generated API client, such as a mobile or web application (recommended) 2. Using a [webview](https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/tutorials-and-guides/test-webview/index.md) 3. Using a method of your choice ### Generating your own Priceless Platform API client {#generating-your-own-priceless-platform-api-client} Download the [reference app](https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/reference-app/index.md) and use the `Readme` file inside the package to install it and run sample queries. Then use the collection of classes and models that come with the reference app to build your own app or service using the reference app as a template. ### Using a webview {#using-a-webview} Use your preferred API testing tool, such as [Insomnia](https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/tutorials-and-guides/test-api-insomnia/index.md), to generate a single sign-on (SSO) token which you can then use in a URL to view and personalize benefits in a browser. ### Using a method of your choice {#using-a-method-of-your-choice} The Priceless Platform exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and dealing with payload encryption. For that, please refer to the Priceless Platform API [REST API Reference](https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/api-reference/index.md). ## Insomnia {#insomnia} If you want to use Insomnia to test out authentication, or even some first steps with this API - here is a [tutorial](https://developer.mastercard.com/platform/tutorial/use-insomnia-rest-client-for-mastercard-apis?lang=#overview) specifically for Mastercard Developers. ## Client Libraries {#client-libraries} Mastercard provides [client authentication libraries](https://github.com/Mastercard?q=oauth) in several programming languages. You can integrate them into your project or use as reference OAuth 1.0a implementations. To get started, simply add to your project the package matching your application development language. You can also refer to the different [README.md](https://github.com/Mastercard/oauth1-signer-java/blob/master/README.md) files for detailed how-to information. Tip: OAuth 1.0a presents many edge cases that are easy to miss. We strongly encourage you to use existing OAuth libraries rather than implementing the specification yourself. For further details, refer to the following article on Mastercard Developers: [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis) ## Environments {#environments} The table below describes the two different environments that are available. Use your `partnerId` that you should receive from the API integration specialist for both environments. | **Environment** | **Description** | |-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Sandbox | This is a test environment where you will use [test data](https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/testing/index.md#Test-Data) to submit requests for mock benefits attached to a sample credit card range. The payloads will also contain test data. You will need to use the Sandbox server address in the endpoint URL, which is `https://sandbox.api.mastercard.com/the-portal`. | | Production | This is a live environment where you are supposed to use real consumers' credit card numbers when placing orders or submitting requests for actual benefits attached to those credit cards. Any transactions that will take place in the real environment will likely affect the consumer's credit card profile. You will need to use the live server address in the endpoint URL, which is `https://api.mastercard.com/the-portal`. |