# Postman Collection source: https://developer.mastercard.com/mastercard-processing-authentication/documentation/postman-collection/index.md ## Postman Collection {#postman-collection} Mastercard Processing offers a collection of Postman scripts to allow you to easily explore Mastercard Processing Authentication Hub APIs. You can create a new workspace or continue with the existing workspace. ### Step 1 - Import the environment variables {#step-1---import-the-environment-variables} 1. Download the environment variables collection (JSON file) [sandbox.postman_environment.zip](https://static.developer.mastercard.com/content/mastercard-processing-authentication/uploads/sandbox.postman_environment.zip) (2KB) created explicitly for the Mastercard Processing Sandbox environment. 2. Click the **Environments** tab on the left navbar of Postman. 3. Click the **Import** button. 4. Click the **Upload Files** button. 5. Click the **Import** button. ### Step 2 - Import the Postman collection {#step-2---import-the-postman-collection} 1. Download the Postman collection (JSON file) [postman_collection_v1.7.zip](https://static.developer.mastercard.com/content/mastercard-processing-authentication/uploads/postman_collection_v1.7.zip) (49KB), which includes a few sample requests for Mastercard Processing Sandbox environment APIs. 2. Similar to the environment variables import process, import the Postman collection. 3. Click the **Collections** tab on the left navbar of Postman. 4. Click the **Import** button. 5. Click the **Upload Files** button and select the above collections file. 6. Click the **Import** button. As mentioned earlier, Mastercard Processing uses the OAuth 1.0a security model, which means you must use the Private key to sign the request payload. But if you persist the Private key in the Postman workspace, it will be persisted on the internet (if you have logged in to the Postman account). In the future, someone might expose even the Production Private key similarly. Hence, to mitigate this risk, we have built a small data encryption utility to protect your Private key from getting exposed over the internet while using it inside the Postman application. ## Data Encryption Utility {#data-encryption-utility} The data encryption utility is a simple Java Spring Boot web application that allows you to store the certificates locally and securely. It also supports data/payload encryption (JWE), which is not supported by Postman. You need to compile and run this application. Postman will automatically use the endpoints exposed by this application to manage OAuth and data encryption. The data encryption utility app code for Mastercard Processing Authentication Hub APIs is available on [mp-data-encryption-utility-v1.4.0-2.zip](https://static.developer.mastercard.com/content/mastercard-processing-authentication/uploads/mp-data-encryption-utility-v1.4.0-2.zip) (35KB). Follow the steps mentioned in the README.md file (available in the root directory of the application) to configure and run the application. You must copy and paste the OAuth signing certificate (such as `sandbox-oauth-signing-certificate.p12` file) under the project source directory `src\main\resources\sandbox` and update the configurations in `src\main\resources\sandbox-application.properties`. Compile the project using `build.bat` (DOS batch file containing maven command) and run the Java application using `run-app.bat` (DOS batch file containing Java command). Once the data encryption utility application is running, go to the Postman collection, select the sandbox environment from the drop-down list, and try executing the Postman collection.