# API Basics
source: https://developer.mastercard.com/mdes-digital-enablement/documentation/api-basics/index.md

## Authentication {#authentication}

Mastercard uses OAuth 1.0a with the body hash extension to authenticate API clients. Every request that you send to Mastercard must be signed with an RSA private key. You must generate an RSA key pair consisting of:

- A private key, used to create the OAuth signature for API requests. It is recommended to keep the private key in a password-protected or hardware keystore.
- A public key, which is shared with Mastercard during the project setup process through either a certificate signing request (CSR) or the API Key Generator. Mastercard uses the public key to verify the OAuth signature that is provided on every API call.
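To make concrete what the RSA signature covers, the following added example (not Mastercard's code or library) builds the OAuth 1.0a signature base string with the body hash parameter, following RFC 5849. SHA-256 for the body hash, the `RSA-SHA256` method name, the host and all parameter values are assumptions constructed for illustration; the RSA signing step itself is left to the keystore or HSM that holds the private key.

```python
import base64
import hashlib
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value: str) -> str:
    """Percent-encode per RFC 5849 section 3.6 (only unreserved chars kept)."""
    return quote(value, safe="-._~")

def body_hash(body: bytes) -> str:
    """oauth_body_hash: base64 of the digest of the raw body (SHA-256 assumed)."""
    return base64.b64encode(hashlib.sha256(body).digest()).decode("ascii")

def base_uri(url: str) -> str:
    """Lowercase scheme and host, drop the default port and the query string."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    if parts.port and parts.port != {"http": 80, "https": 443}.get(scheme):
        host += f":{parts.port}"
    return f"{scheme}://{host}{parts.path or '/'}"

def signature_base_string(method: str, url: str, body: bytes, oauth_params: dict) -> str:
    """Return the exact string the RSA private key signs for this request."""
    params = dict(oauth_params, oauth_body_hash=body_hash(body))
    pairs = list(params.items()) + parse_qsl(urlsplit(url).query, keep_blank_values=True)
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_uri(url)), pct(normalized)])

# Constructed sample values, not real credentials or a real endpoint.
SAMPLE_URL = "https://API.example.test:443/v1/items?b=2&a=1"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "abc123",
    "oauth_signature_method": "RSA-SHA256",  # assumed method name
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    original = signature_base_string("post", SAMPLE_URL, b'{"amount":10}', SAMPLE_PARAMS)
    tampered = signature_base_string("post", SAMPLE_URL, b'{"amount":99}', SAMPLE_PARAMS)
    print(original)
    # Any change to the body changes the signed string, so the signature no longer verifies.
    print("body change alters signed string:", original != tampered)
```

Because the body digest is one of the signed parameters, a request whose body is altered in transit fails signature verification even though the URL and OAuth parameters are unchanged.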

### OAuth keys & authentication libraries {#oauth-keys--authentication-libraries}

For further details, refer to [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis/).

## Encryption {#encryption}

In addition to OAuth authentication, when using the MDES Digital Enablement Service, any PCI-sensitive data and all account holder Personally Identifiable Information (PII) must be encrypted. This requirement applies to the API fields containing `encryptedData`. Sensitive data is encrypted using a symmetric session (one-time-use) key. The symmetric session key is then wrapped with an RSA public key supplied by Mastercard during the API setup phase (the Customer Encryption Key).

### Payload Encryption {#payload-encryption}

For further details, refer to [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/securing-sensitive-data-using-payload-encryption/).

## Environment Descriptions {#environment-descriptions}

The table below describes the three different environments that are available for the Digital Enablement API.

| **Environment** | **Description** |
|-----------------|-----------------|
| Sandbox | Early access environment containing limited-capability mock APIs, intended to assist new clients with initial integration. The Sandbox returns mock responses for a defined request. The JSON samples can be used as a reference for sending requests and receiving responses. The Sandbox only validates the length and data type of the request parameters. |
| Mastercard Test Facility (MTF) | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. |
| Production | Full production environment containing the latest production API release. |

Note: For testing in the India region, there is no Sandbox environment; use the MTF environment.
