# API Basics
source: https://developer.mastercard.com/mastercom-extended/documentation/api-basics/index.md

## Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. Manage your authentication keys from the [Developer Dashboard](https://developer.mastercard.com/dashboard) after creating a project using Mastercom Extended.
Tip: Do you want to learn more about the authentication scheme Mastercard uses? Read [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

## Transport Encryption {#transport-encryption}

All connections to Mastercard are secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security). Data is secured by default when transmitted across networks. tes test

## How to Consume the Mastercom Extended API? {#how-to-consume-the-mastercom-extended-api}

Note: There are multiple ways of integrating with Mastercom Extended.

1. Use a generated API client (recommended).
2. Use a method of your choice.

### Generate your own Mastercom Extended API client {#generate-your-own-mastercom-extended-api-client}

Create customizable API clients from the Mastercom Extended API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers flexibility and is strongly recommended.

Follow the [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/generating-and-configuring-a-mastercard-api-client/) tutorial with a Mastercom Extended API specification:

* [dispute-processing-api.yml](https://static.developer.mastercard.com/content/mastercom-extended/swagger/dispute-processing-api.yml) (72KB)   
* [transactions-claims-documents-fraud-api.yml](https://static.developer.mastercard.com/content/mastercom-extended/swagger/transactions-claims-documents-fraud-api.yml) (151KB)   
* [queues-reports-api.yml](https://static.developer.mastercard.com/content/mastercom-extended/swagger/queues-reports-api.yml) (48KB)   
* [send-payment-dispute-processing-api.yml](https://static.developer.mastercard.com/content/mastercom-extended/swagger/send-payment-dispute-processing-api.yml) (16KB)   

Please ignore steps 5 and 7 of the tutorial as the Mastercom Extended API does not use payload encryption.

### Use a method of your choice {#use-a-method-of-your-choice}

Use the REST/HTTP client of your choice and leverage the Mastercard open-source [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) for signing your requests.

Refer to the Mastercom Extended [REST API Reference](https://developer.mastercard.com/mastercom-extended/documentation/api-reference/index.md).

## Conventions {#conventions}

For more information about dispute processing messages, refer to the [Mastercard Network Processing Dual Message Clearing System Guide](https://trc-techresource.mastercard.com/r/bundle/m_DMC_guide_en-us/page/d/en-US/). For Single Message, refer to the [Mastercard Network Processing Single Message System Guide](https://trc-techresource.mastercard.com/r/bundle/m_SMS_Guide_en-us/page/d/en-US/) in the Technical Resource Center on Mastercard Connect.

## Best Practices {#best-practices}

Customers should not rely on API failures as part of normal practices. Mastercom recommends that customers use endpoints as expected per the user journeys.

## Environment Descriptions {#environment-descriptions}

|       Name        |                                                                                                                                                                                                                                                           Description                                                                                                                                                                                                                                                            |                              URL                              |
|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------|
| Sandbox Global    | Early access environment containing limited-capability mocked API responses, intended to assist with the initial integration for new clients. After customers complete additional onboarding, the environment functions as MTF, and contains the real test data responses of the API, intended for full integration testing prior to moving to production. Global customers test Single Message transaction disputes in this environment.                                                                                        | `https://sandbox.dispute.mastercard.com/mastercom-extended`   |
| Production Global | The full production environment containing the latest production API release. Global customers manage Single Message transaction disputes in this environment.                                                                                                                                                                                                                                                                                                                                                                   | `https://dispute.mastercard.com/mastercom-extended`           |
| Sandbox India     | Early access environment containing limited-capability mocked API responses, intended to assist with the initial integration for new clients. After customers complete additional onboarding, the environment functions as MTF, and contains the real test data responses of the API, intended for full integration testing prior to moving to production. Customers in India can test their domestic (Single and Dual Message) transaction disputes and cross-border (Single Message) transaction disputes in this environment. | `https://sandbox.dispute.mastercard.co.in/mastercom-extended` |
| Production India  | The full production environment containing the latest production API release. Customers in India can manage their domestic (Single and Dual Message) transaction disputes and cross-border (Single Message) transaction disputes in this environment.                                                                                                                                                                                                                                                                            | `https://dispute.mastercard.co.in/mastercom-extended`         |

OAuth 1.0a authentication is identical across Sandbox and Production. The only difference is the base URL. No additional authentication or encryption steps are required when promoting to Production.

## Next Steps {#next-steps}

Now that you have an understanding of the service's authentication and encryption, proceed to the [Quick Start Guide](https://developer.mastercard.com/mastercom-extended/documentation/quick-start-guide/index.md) section to learn how to access the API and generate your credentials.
