# API Basics
source: https://developer.mastercard.com/mdes-token-connect/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project using MDES Token Connect.

### Transport and Payload Encryption {#transport-and-payload-encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data are encrypted by default when transmitted across networks.

In addition to that, MDES Token Connect uses end-to-end payload encryption to secure sensitive data like Personally Identifying Information (PII).
You can manage your encryption keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard).
Tip: Do you want to learn more about the authentication and encryption schemes Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) and [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guides.

## How to Consume the MDES Token Connect API? {#how-to-consume-the-mdes-token-connect-api}

Note: There are multiple ways of integrating with MDES Token Connect:

1. Using a generated API client (recommended)
2. Using a method of your choice

### Generating your own MDES Token Connect API client {#generating-your-own-mdes-token-connect-api-client}

Create customizable API clients from the MDES Token Connect API specification and let Mastercard open-source client libraries handle the authentication and encryption for you. This approach offers the more flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with:

* The Token Connect [API specification](https://developer.mastercard.com/mdes-token-connect/documentation/api-reference/index.md)
* The following encryption certificate (sandbox): [Public-Key-Certificate.crt](https://static.developer.mastercard.com/content/mdes-token-connect/uploads/Public-Key-Certificate.crt) (2KB)
* The encryption configuration below (to be used at the "*Enable Encryption*" step):

* Java
* C#

```java
FieldLevelEncryptionConfig fieldLevelEncryptionConfig = FieldLevelEncryptionConfigBuilder.aFieldLevelEncryptionConfig()
    .withEncryptionPath("$.pushFundingAccount.encryptedPayload.encryptedData", "$.pushFundingAccount.encryptedPayload")
    .withEncryptionCertificate(EncryptionUtils.loadEncryptionCertificate("path/to/token-connect-request-encryption-sandbox.crt"))
    .withOaepPaddingDigestAlgorithm("SHA-512")
    .withEncryptedValueFieldName("encryptedData")
    .withEncryptedKeyFieldName("encryptedKey")
    .withIvFieldName("iv")
    .withOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm")
    .withEncryptionCertificateFingerprintFieldName("publicKeyFingerprint")
    .withFieldValueEncoding(FieldValueEncoding.HEX)
    .build();
```

```csharp
var fieldLevelEncryptionConfig = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
    .WithEncryptionPath("$.pushFundingAccount.encryptedPayload.encryptedData", "$.pushFundingAccount.encryptedPayload")
    .WithEncryptionCertificate(EncryptionUtils.LoadEncryptionCertificate("path/to/token-connect-request-encryption-sandbox.crt"))
    .WithOaepPaddingDigestAlgorithm("SHA-512")
    .WithEncryptedValueFieldName("encryptedData")
    .WithEncryptedKeyFieldName("encryptedKey")
    .WithIvFieldName("iv")
    .WithOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm")
    .WithEncryptionCertificateFingerprintFieldName("publicKeyFingerprint")
    .WithValueEncoding(FieldValueEncoding.Hex)
    .Build();
```

### Using a method of your choice {#using-a-method-of-your-choice}

MDES Token Connect exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and dealing with payload encryption.

For that, please refer to the MDES Token Connect [REST API Reference](https://developer.mastercard.com/mdes-token-connect/documentation/api-reference/index.md).