# API Basics
source: https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/api-basics/index.md

## Client authentication {#client-authentication}

To access Mastercard APIs, you will need to configure your API client to authenticate using one of the following supported authentication protocols.

| Authentication protocol |                                                                                                                            Description                                                                                                                             |                                                                     Reference information                                                                      |
|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|
| OAuth 1.0a              | This is the default authentication mechanism used by most APIs on Mastercard Developers. OAuth 1.0a is an authentication and authorization protocol that guarantee the integrity and authenticity of incoming API calls and allow for non-repudiation of requests. | [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) |
| OAuth 2.0               | Mastercard APIs use the OAuth 2.0 client credentials flow to authenticate API clients, and [FAPI 2.0](https://openid.bitbucket.io/fapi/fapi-security-profile-2_0.html), a security profile built for financial services.                                           | [Using OAuth 2.0 to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-2-to-access-mastercard-apis/)   |

You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard/) after you have created a project for Offers for Publishers or User Account Administration.

### Upgrade to OAuth 2.0 {#upgrade-to-oauth-20}

If your Mastercard Developers project uses OAuth 1.0a and the APIs in your project support OAuth 2.0, you can upgrade your project to support both authentication methods. To upgrade, follow the steps in the [Upgrading Keys to OAuth 2.0](https://developer.mastercard.com/platform/documentation/credential-management/oauth-key-management/#upgrading-keys-to-oauth-20) section.

### How to Consume the Priceless Platform API {#how-to-consume-the-priceless-platform-api}

> **NOTE**   
>
> There are multiple ways of integrating with the Priceless Platform API:
>
> 1. Using a generated API client (recommended)
> 2. Using a webview
> 3. Using a method of your choice

##### Generating your own Priceless Platform API client {#generating-your-own-priceless-platform-api-client}

Download the reference app and follow the `README` to install and run sample queries. Use the provided classes and models as a template for your own application.

##### Using a webview {#using-a-webview}

Use an API testing tool such as Insomnia to generate a single sign‑on (SSO) token, which can then be used in a URL to view and personalize benefits in a browser.

##### Using a method of your choice {#using-a-method-of-your-choice}

Priceless platform API exposes a REST API. You are free to use the REST/HTTP client of your choice and can still use the Mastercard open-source client libraries for signing your requests.

Refer to the Priceless platform API [API Reference](https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/api-reference/) section for details.

##### Insomnia {#insomnia}

A dedicated Insomnia tutorial is available for testing authentication and initial API calls.

##### Client Libraries {#client-libraries}

Mastercard provides client authentication libraries in multiple programming languages. These libraries help avoid common OAuth edge cases and are strongly recommended over custom implementations:

* [Client libraries for OAuth 1.0a](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries)
* [Client libraries for OAuth 2.0](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-2-to-access-mastercard-apis/#client-libraries)

*** ** * ** ***

## Environments {#environments}

The table describes the two different environments that are available.

| Environment |                                                                                                         Description                                                                                                          |                    Base URLs                    |
|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
| Sandbox     | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. Use your Sandbox key to authenticate with this environment. | `https://sandbox.api.mastercard.com/the-portal` |
| Production  | Full production environment containing the latest production API release. Use your Production key to authenticate with this environment.                                                                                     | `https://api.mastercard.com/the-portal`         |

## Next steps {#next-steps}

Now that you have an understanding of the authentication and encryption requirements, proceed to the [Quick Start Guide](https://developer.mastercard.com/mastercard-benefits-and-experiences-portal/documentation/quick-start-guide/) section to learn how to access the API and generate your credentials.
