# Making an API call
source: https://developer.mastercard.com/mastercard-insurance-programs/documentation/tutorials-and-guides/step4/index.md

## Create the signingKey for generating the OAuth credentials {#create-the-signingkey-for-generating-the-oauth-credentials}

Class `AuthenticationUtils` is provided by the Mastercard OAuth1 Signer library.

```java
String consumerKey = "#YOUR 97 CHARACTER CONSUMER KEY HERE#";
String keyAlias = "#YOUR KEY ALIAS HERE#";
String keyStorePassword = "#YOUR KEY PASSWORD HERE#";
String p12File = "#PATH TO YOUR P12 FILE HERE#";

PrivateKey signingKey = AuthenticationUtils.loadSigningKey(p12File, keyAlias, keyStorePassword);
```

## Create configuration for payload encryption {#create-configuration-for-payload-encryption}

```java
String encryptionCert = "#PATH TO ENCRYPTION PEM FILE HERE#";
Certificate encryptionCertificate = EncryptionUtils.loadEncryptionCertificate(encryptionCert);

JweConfig config = JweConfigBuilder.aJweEncryptionConfig()
  .withEncryptionCertificate(encryptionCertificate)
  .withEncryptionPath("$", "$")
  .withEncryptedValueFieldName("encryptedValue")
  .build();
```

## Instantiate ApiClient and add signing and encryption interceptors {#instantiate-apiclient-and-add-signing-and-encryption-interceptors}

The interceptors handle signing the request and encrypting the request parameters.

```java
  ApiClient encryptedPayloadClient = new ApiClient();
  OkHttpClient.Builder httpClientBuilder = encryptedPayloadClient.getHttpClient().newBuilder();

  // Configure the Mastercard service URL
  encryptedPayloadClient.setBasePath("https://sandbox.api.mastercard.com/loyalty/insurance");

  // Add the interceptor code responsible for signing and encrypting HTTP requests
  httpClientBuilder
  .addInterceptor(OkHttpEncryptionInterceptor.from(config))
  .addInterceptor(new OkHttpOAuth1Interceptor(consumerKey, signingKey));

  encryptedPayloadClient.setHttpClient(httpClientBuilder.build());
```

Note: `.addInterceptor(OkHttpEncryptionInterceptor.from(config));` should be added only for the User data token request payload; the claims search endpoint request should not be encrypted.
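
The split described in the note above, as an added example (not Mastercard's own code): one client that encrypts and signs for the User data token request, and one that only signs for the claims search endpoint. The class and method names are hypothetical, and the `ApiClient` import assumes the OpenAPI Generator default package; adjust it to match your generated client.

```java
import com.mastercard.developer.encryption.JweConfig;
import com.mastercard.developer.interceptors.OkHttpEncryptionInterceptor;
import com.mastercard.developer.interceptors.OkHttpOAuth1Interceptor;
import okhttp3.OkHttpClient;
import org.openapitools.client.ApiClient; // assumption: OpenAPI Generator default package

import java.security.PrivateKey;

/** Hypothetical helper, not part of the Mastercard libraries. */
public final class InsuranceApiClients {

    private static final String BASE_PATH =
            "https://sandbox.api.mastercard.com/loyalty/insurance";

    private InsuranceApiClients() { }

    /** Client for the User data token request: payload is JWE-encrypted, then signed. */
    public static ApiClient forUserDataToken(String consumerKey, PrivateKey signingKey,
                                             JweConfig config) {
        return build(consumerKey, signingKey, config);
    }

    /** Client for the claims search endpoint: signed only, payload is not encrypted. */
    public static ApiClient forClaimsSearch(String consumerKey, PrivateKey signingKey) {
        return build(consumerKey, signingKey, null);
    }

    private static ApiClient build(String consumerKey, PrivateKey signingKey,
                                   JweConfig config) {
        ApiClient client = new ApiClient();
        client.setBasePath(BASE_PATH);

        OkHttpClient.Builder builder = client.getHttpClient().newBuilder();
        if (config != null) {
            // OkHttp runs application interceptors in the order they were added.
            // Encryption is registered first so the OAuth1 signer computes its
            // signature over the encrypted body that is actually sent.
            builder.addInterceptor(OkHttpEncryptionInterceptor.from(config));
        }
        builder.addInterceptor(new OkHttpOAuth1Interceptor(consumerKey, signingKey));

        client.setHttpClient(builder.build());
        return client;
    }
}
```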
