# API Basics
source: https://developer.mastercard.com/mastercom/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a to authenticate your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you have created a project that uses Mastercom.
Tip: Do you want to learn about the authentication scheme Mastercard uses? Read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

### Transport Encryption {#transport-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data is encrypted by default when transmitted across networks.

## How to Consume the Mastercom API? {#how-to-consume-the-mastercom-api}

Note: There are multiple ways of integrating with Mastercom.

1. Using a generated API client (recommended).
2. Using a method of your choice.

### Generate Your Own Mastercom API Client {#generate-your-own-mastercom-api-client}

Create customizable API clients from the Mastercom API specification and let the Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended.

Follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/generating-and-configuring-a-mastercard-api-client/) tutorial with the following API specification:
[mastercom-v6.yaml](https://static.developer.mastercard.com/content/mastercom/swagger/mastercom-v6.yaml) (405KB)

### Using a Method of Your Choice {#using-a-method-of-your-choice}

Use the REST/HTTP client of your choice and leverage the Mastercard open-source [client libraries](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) for signing your requests.

Refer to the Mastercom [REST API Reference](https://developer.mastercard.com/mastercom/documentation/api-reference/v6-reference/index.md).

## Conventions {#conventions}

For more information about dispute processing messages, refer to the [Global Clearing Management System Reference Manual](https://trc-techresource.mastercard.com/r/bundle/m_gcms_en-us/page/d/en-US).

## Best Practices {#best-practices}

Customers should not rely on API failures as part of normal practices. Mastercom recommends that customers use endpoints as expected per the user journeys.

### Avoid Duplicate Dispute Events {#avoid-duplicate-dispute-events}

Mastercom checks for duplicate dispute events (chargebacks, claims, etc.) when customers send multiple API calls to create multiple dispute events.

The Mastercom system is unable to check for duplicate dispute events if a customer sends multiple API calls with dispute events in less than a minute. To avoid duplication, do not send multiple API calls with multiple dispute events in under 60 seconds.
Note: Wait one hour after a timeout before resubmitting the API call to create the same dispute event.
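
One way to enforce both timing rules on the client side, as an added example that is not Mastercard code. `DisputeSubmissionGuard`, `dispute_key` and the `send` callable are hypothetical names; the sketch assumes `send` raises Python's built-in `TimeoutError` when the HTTP call times out, and it conservatively spaces all dispute-creating calls at least 60 seconds apart.

```python
import time

MIN_SPACING_S = 60      # page: no dispute-event calls less than 60 seconds apart
TIMEOUT_HOLD_S = 3600   # page: wait one hour after a timeout before resubmitting


class DisputeSubmissionGuard:
    """Client-side gate for dispute-creating calls (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._last_sent = None   # when the last dispute-creating call went out
        self._held_until = {}    # dispute_key -> earliest allowed resubmission

    def wait_needed(self, dispute_key):
        """Seconds still to wait before this event may be sent (0 = send now)."""
        now = self._clock()
        spacing = 0.0 if self._last_sent is None else self._last_sent + MIN_SPACING_S - now
        hold = self._held_until.get(dispute_key, now) - now
        return max(0.0, spacing, hold)

    def submit(self, dispute_key, send):
        """Run send() if allowed; return 'sent', 'deferred' or 'timeout'."""
        if self.wait_needed(dispute_key) > 0:
            return "deferred"            # caller re-queues; nothing is sent
        self._last_sent = self._clock()
        try:
            send()
        except TimeoutError:
            # Outcome unknown: the event may already exist on the server side.
            self._held_until[dispute_key] = self._clock() + TIMEOUT_HOLD_S
            return "timeout"
        self._held_until.pop(dispute_key, None)
        return "sent"


if __name__ == "__main__":
    # Constructed demo: fake clock, and callables standing in for signed API calls.
    t = [0.0]
    guard = DisputeSubmissionGuard(clock=lambda: t[0])

    def timed_out():
        raise TimeoutError("constructed timeout")

    print(guard.submit("claim-1/chargeback", timed_out))
    t[0] += 60
    print(guard.submit("claim-1/chargeback", lambda: None), guard.wait_needed("claim-1/chargeback"))
```

The guard keeps its state in one process; an integration that submits from several workers would need to share the last-sent time and the per-event holds between them.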

## Environment Descriptions {#environment-descriptions}

| Name | Description |
|------|-------------|
| Sandbox | Early access environment containing limited-capability mocked API responses, intended to assist with the initial integration for new clients. After customers complete additional onboarding, the environment functions as MTF, and contains the real test data responses of the API, intended for full integration testing prior to moving to production. |
| Production | The full production environment containing the latest production API release. |

