# Getting Started source: https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/getting-started/index.md The MPQR APIs are detailed in separate OpenAPI specifications (see [API Reference](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/api-reference/index.md)) and they support JSON and XML requests and responses. There are three API environments: * **Sandbox** provides API stubs that return simulated responses enabling you to try the APIs quickly. Sandbox is available for the Payment API and Retrieval API. * **Mastercard Test Facility (MTF)** is a Production-like environment with simulated responses that enables you to develop and test your solution with the full APIs. * **Production** ## Before You Start {#before-you-start} Originating Institutions (consumer banks), Transaction Originators (wallet providers), Receiving Institutions (merchant banks) and Processors are eligible to participate in the Mastercard Merchant Presented QR program. Participants must be a Mastercard licensed financial institution or sponsored by a Mastercard licensed financial institution, registered and approved for Mastercard Merchant Presented QR, and comply with all applicable regulations, including Know Your Customer. You must submit the relevant version of *Form 1274 - Registration for Mastercard Merchant Presented QR* for your region. Third-party wallet providers must be registered as a Digital Activity Customer (DAC), which requires *Form 1219 - Digital Activity Customer Application and Digital Activity Agreement*. Your [Mastercard representative](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/support/index.md) will assist you with registration. Forms are located at Mastercard Connect \> Help \> [Find a form](https://w201.mastercardconnect.com/gcccic001/homememb/library/shared/Forms_Library/Forms.htm). Mastercard must review and approve your completed form(s) before you can access the MTF environment. Use of the MPQR APIs must be in accordance with the applicable program rules and Mastercard Rules, see [Guides](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/tutorials-and-guides/index.md#guides). ## Good to Know {#good-to-know} The APIs use authentication: * You set up the required keys when you create your Mastercard Developers project for this service. * Mastercard provides client libraries that you can use. For more information about authentication and the keys, see [API Basics](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/api-basics/index.md). Warning: When you download the private project keys created by the Mastercard browser-based key generator during project creation, store the keys carefully and securely. Mastercard does not know and never stores your private keys. Project keys are subject to annual renewal, and you add, renew and revoke (delete) keys via your Mastercard Developers project page. Mastercard recommends that you use a group email address when creating your project to ensure that team members can access the Mastercard Developers account used for testing and production. To view a working example of an application using this service, see [Reference App](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/reference-app/index.md). To ease the integration of the MPQR APIs into your application, we recommend that you use an API client generator, see [Tutorials](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/tutorials-and-guides/index.md). Note: Users of this documentation may find discrepancies in field lengths specified in the [EMVCo specification](https://www.emvco.com/specifications/emv-qr-code-specification-for-payment-systems-emv-qrcps-merchant-presented-mode/) and the Mastercard API specifications for QR fields. Please ensure that values passed in API fields conform to the Mastercard API specifications. ## Create Your Project and Keys {#create-your-project-and-keys} ![](https://static.developer.mastercard.com/content/mastercard-merchant-presented-qr/documentation/img/mpqr-getting-started-steps.png) The following instructions describe how to create a new Mastercard Developers project for the MPQR service. You start in Sandbox, setting up the **Mastercard Merchant Presented QR** API service and Sandbox Keys, then trying the Sandbox API stubs **without** Mastercard assistance. When you have completed registration for the MPQR program, you request setup in the MTF environment and test the service in MTF. Your [Mastercard representative](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/support/index.md) will provide test cases and assistance. When testing is complete and a Go Live date has been agreed, request Production access for your project and set up the Production Keys, then validate the service in Production. ### Set Up the Project and Sandbox Keys {#set-up-the-project-and-sandbox-keys} During this process, your Sandbox Keys will be generated by the Mastercard browser-based key generator. To set up your project in Sandbox: 1. Select **My Projects \> Create New Project**. 2. For Select an API, select **Mastercard Merchant Presented QR** from the list (if the required API service is not already chosen) and click **Continue**. 3. For Configure Project, specify a project name and click **Continue**. You cannot change the project name later. 4. For Download Sandbox Signing Key, click **Download PKCS#12 Keystore**. 5. When prompted by your browser, download the zip file, which contains the Sandbox Key pair (P12 file): **{Project Name}-sandbox.p12** . The Sandbox Key alias and Keystore password are provided in the **readme.txt** file and on your project page. 6. Click **Continue**. 7. Click **Confirm and Continue** . Your project page appears. You can now try the Sandbox API stubs for the Payment API and Retrieval API, without Mastercard assistance. For your API calls: * Use the Sandbox keys to generate the OAuth 1.0a Authorization Header, see [API Basics](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/api-basics/index.md) * Use the Sandbox URL path and a `partnerId` value of `ptnr_BEeCrYJHh2BXTXPy_PEtp-8DBOo` For guidance, see [Payment API Sandbox Testing](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/api-reference/payment-api/index.md#sandbox-testing) and [Retrieval API Sandbox Testing](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/api-reference/retrieval-api/index.md#sandbox-testing). ### Request MTF Setup {#request-mtf-setup} When you have completed registration for the MPQR program, you are ready to request setup in the MTF environment. You will access the MTF environment using the Sandbox keys, which you have already set up. If you want to generate and use your own keys instead, you can renew them using your Certificate Signing Request (CSR) file, by clicking **Actions \> Renew** next to the keys in the product page; see [Credential Management](https://developer.mastercard.com/platform/documentation/credential-management/). Copy the Consumer Key shown on your project page under Sandbox Keys (masked example shown below), by using **Actions \> Copy Consumer Key** , and provide it to your [Mastercard representative](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/support/index.md), identifying your project and that the key is for the MTF environment. ![](https://static.developer.mastercard.com/content/mastercard-merchant-presented-qr/documentation/img/mastercard-send-consumer-key.png) It can take 5-7 business days for Mastercard to configure the MTF environment for your keys. Mastercard will notify you when you can start making API calls to that environment. Perform attended testing in MTF using the test cases provided by your Mastercard representative. When your testing is complete and has been validated by Mastercard, you will receive a Testing Acknowledgement Notice (TAN) letter. ### Request Production Access and Set Up the Production Keys {#request-production-access-and-set-up-the-production-keys} When you have completed testing, scheduled a Go Live date and are ready to move to Production: 1. In the Production section of your project page, click **Request Production Access**. 2. For Overview, click **Continue**. 3. For Create Production Key, you generate or upload the key that is used for API authentication. Either: * Generate the key in your browser: Specify the **Key Alias** and **Keystore Password**. * Upload your own public key (in PEM format): Click **Upload existing CSR instead** , specify the **Key Alias** and select your CSR file. 4. Click **Next**. 5. Click **Submit**. 6. If you chose to generate the Production Keys in your browser, download the Private Production Key P12 file (**{Key Alias}-production.p12**) when prompted by your browser. 7. Click **Okay** . An email message is automatically sent to your email address about the key you have created. The key will need to be activated by Mastercard, in Mastercard systems, before it can be used. 8. Copy the Consumer Key shown on your project page under Production Keys (masked example shown below), by using **Actions \> Copy Consumer Key** , and provide it to your [Mastercard representative](https://developer.mastercard.com/mastercard-merchant-presented-qr/documentation/server-apis/support/index.md), identifying your project and that the key is for the Production environment. ![](https://static.developer.mastercard.com/content/mastercard-merchant-presented-qr/documentation/img/mastercard-send-consumer-key.png) It can take 5-7 business days for Mastercard to configure the Production environment for your keys. Mastercard will notify you when you can start making API calls to that environment.