# Manage Credentials source: https://developer.mastercard.com/mastercard-developers-api/documentation/use-cases/manage_project_credentials/index.md One of the key features of the Developers API is to enable you to automate key management to minimize the effort involved in tracking and planning key rotations. You can add a new key to replace an existing one. You will need to update your code with the new key before your existing key expires. Note: Expiring keys can't be renewed and instead must be rotated by creating a new key to replace an existing one. ## Add a Project Credential {#add-a-project-credential} Project credentials are used to authenticate your request to access Mastercard Services. In addition to the credentials that authenticate your request, there could be service-specific credentials. For example, credentials required to perform payload encryption between the client and Mastercard's services. To learn more about these service-specific credentials, see [Service Credentials](https://developer.mastercard.com/mastercard-developers-api/documentation/use-cases/manage_project_credentials/index.md#service-credentials). To add a project credential, call [POST /projects/{project_id}/credentials](https://developer.mastercard.com/mastercard-developers-api/documentation/api-reference/index.md). API Reference: `POST /projects/{project_id}/credentials` Diagram addcred ## Revoke a Project Credential {#revoke-a-project-credential} To revoke a project credentials, call [DELETE /projects/{project_id}/credentials/{credential_id}](https://developer.mastercard.com/mastercard-developers-api/documentation/api-reference/index.md). Once you revoke a key, the key becomes inactive immediately and you can no longer use it to access the APIs. When revoking a key, ensure there's another active key. API Reference: `DELETE /projects/{project_id}/credentials/{credential_id}` Diagram deletecred ## Service Credentials {#service-credentials} Service credentials are used to encrypt the payload and ensure the authenticity of communication between the client application and Mastercard. Service credentials serve two primary purposes: * **Encryption** : Encryption keys encrypt the data exchanged between the client application and Mastercard. To learn more about payload encryption, see [Securing Payload Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/). To help you perform payload encryption/decryption, Mastercard provides [encryption libraries](https://github.com/Mastercard?&q=client-encryption). * **Verifying Authenticity**: Verification keys verify the authenticity and integrity of the messages exchanged, ensuring that the data has not been tampered with and is from a legitimate source. ### Types of Service Credentials {#types-of-service-credentials} The service credentials include the following types: #### Mastercard Encryption Key {#mastercard-encryption-key} Key used for encrypting responses from Mastercard to ensure secure communication. * **Owned By**: Client * **Mastercard Action**: Encrypts data using the public key * **Client Action**: Decrypts data using the private key Diagram mcencryptionkey #### Client Encryption Key {#client-encryption-key} Key used for encrypting requests sent to Mastercard to protect sensitive information during transmission. * **Owned By**: Mastercard * **Client Action**: Encrypts data using the public key * **Mastercard Action**: Decrypts data using the private key Diagram clientencryptionkey #### Client Signature Verification Key {#client-signature-verification-key} Key used to ensure the authenticity and integrity of requests sent by the client. * **Owned By**: Client * **Client Action**: Signs messages using the private key * **Mastercard Action**: Verifies signatures using the public key Diagram clientsignatureverification ## Add a Service Credential {#add-a-service-credential} To add a service credential, call [POST projects/{project_id}/services/{service_id}/credentials](https://developer.mastercard.com/mastercard-developers-api/documentation/api-reference/index.md). API Reference: `POST /projects/{project_id}/services/{service_id}/credentials` Diagram addservicecred ## Update the Status of a Credential {#update-the-status-of-a-credential} To activate Mastercard Encryption Key or the Client Signature Verification key, call [PUT projects/{project_id}/services/{service_id}/credentials/{credential_id}/status](https://developer.mastercard.com/mastercard-developers-api/documentation/api-reference/index.md). API Reference: `PUT /projects/{project_id}/services/{service_id}/credentials/{credential_id}/status` Diagram updateservicecred Note: You can update the status of only Mastercard Encryption Key and the Client Signature Verification key. Only one Mastercard Encryption Key and/or Client Signature Verification Key can be active per API, and per environment (sandbox and production). Activating a new key will deactivate the current active key. ## Retrieve a Service Credential {#retrieve-a-service-credential} Call [GET projects/{project_id}/services/{service_id}/credentials/{credential_id}](https://developer.mastercard.com/mastercard-developers-api/documentation/api-reference/index.md) to retrieve information on a service credential based on the `credential_id`. API Reference: `GET /projects/{project_id}/services/{service_id}/credentials/{credential_id}` Diagram getservicecreds ## Revoke a Service Credential by ID {#revoke-a-service-credential-by-id} To revoke a service credential, call [DELETE projects/{project_id}/services/{service_id}/credentials/{credential_id}](https://developer.mastercard.com/mastercard-developers-api/documentation/api-reference/index.md). API Reference: `DELETE /projects/{project_id}/services/{service_id}/credentials/{credential_id}` Diagram deleteservicecred