# API Basics source: https://developer.mastercard.com/mastercom-extended/documentation/api-basics/index.md ## API Security {#api-security} ### Client Authentication {#client-authentication} Mastercard uses OAuth 1.0a for authenticating your application. Manage your authentication keys from the [Developer Dashboard](https://developer.mastercard.com/dashboard) after creating a project using Mastercom Extended. Tip: Do you want to learn more about the authentication scheme Mastercard uses? Read [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) guide. ### Transport Encryption {#transport-encryption} The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data is encrypted by default when transmitted across networks. ## How to Consume the Mastercom Extended API? {#how-to-consume-the-mastercom-extended-api} Note: There are multiple ways of integrating with Mastercom Extended. 1. Use a generated API client (recommended). 2. Use a method of your choice. ### Generate Your Own Mastercom Extended API Client {#generate-your-own-mastercom-extended-api-client} Create customizable API clients from the Mastercom Extended API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers flexibility and is strongly recommended. Follow the [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/generating-and-configuring-a-mastercard-api-client/) tutorial with a Mastercom Extended API specification: * [dispute-processing-api.yml](https://static.developer.mastercard.com/content/mastercom-extended/swagger/dispute-processing-api.yml) (73KB) * [transactions-claims-documents-fraud-api.yml](https://static.developer.mastercard.com/content/mastercom-extended/swagger/transactions-claims-documents-fraud-api.yml) (148KB) * [queues-reports-api.yml](https://static.developer.mastercard.com/content/mastercom-extended/swagger/queues-reports-api.yml) (44KB) * [send-payment-dispute-processing-api.yml](https://static.developer.mastercard.com/content/mastercom-extended/swagger/send-payment-dispute-processing-api.yml) (15KB) ### Use a Method of Your Choice {#use-a-method-of-your-choice} Use the REST/HTTP client of your choice and leverage the Mastercard open-source [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) for signing your requests. Refer to the Mastercom Extended [REST API Reference](https://developer.mastercard.com/mastercom-extended/documentation/api-reference/index.md). ## Conventions {#conventions} For more information about dispute processing messages, refer to the [Global Clearing Management System Reference Manual](https://trc-techresource.mastercard.com/r/bundle/m_gcmsrefmanual_en-us/page/d/en-US/). For Single Message, refer to [Single Message System Specifications](https://trc-techresource.mastercard.com/r/bundle/m_CR_en-us/page/d/en-US/) in the Technical Resource Center on Mastercard Connect. ## Best Practices {#best-practices} Customers should not rely on API failures as part of normal practices. Mastercom recommends that customers use endpoints as expected per the user journeys. ## Environment Descriptions {#environment-descriptions} | Name | Description | |------------|-----------------------------------------------------------------------------------------------------------------------------------------------| | Sandbox | Early access environment containing limited-capability mocked API responses, intended to assist with the initial integration for new clients. | | Production | The full production environment containing the latest production API release. |