# Support
source: https://developer.mastercard.com/payment-account-reference-inquiry/documentation/support/index.md

## FAQ {#faq}

The Payment Account Reference Inquiry API provides the ability to inquire the PAR vault for lookup or generate the PAR value if not already created before, when providing a Primary Account (PAN) or MDES token. In order for acquirers and merchants to realize the benefits of PAR, the value must be unique for that PAN across the industry. PAR values will begin with a four-digit BIN Controller Identifier assigned to Mastercard by EMVCo followed by a unique 25 position value. Registered Merchants, Acquirers, Acquiring Processors, Digital Activity Customers (DACs), and Gateways can access the Payment Account Reference Inquiry API. Use the [Quick Start Guide](https://developer.mastercard.com/payment-account-reference-inquiry/documentation/getting-started/index.md) and the Good to Know section to learn about integrating with Mastercard APIs and what testing environments are available. Over time, acquirers and merchants can replace stored PANs with PARs in order to link transactions to consumer accounts. This will reduce a merchant's and acquirer's risk of data compromise and fraud commonly associated with the storage of PANs at rest. The establishment of a Mastercard PAR associated to a PAN and all affiliated Tokens to the PAN will enable acquirers and merchants to uniquely identify a cardholder account without continued exposure and storage of the PAN. With the adoption of PAR, acquirers will no longer need to receive the full PAN in authorization response messages. The PAR is for uniquely referencing a PAN only and will not be used to replace the PAN in payment transaction processing. You can either use a generated API client (recommended) or another method of your choice. Refer to the [integration tutorial](https://developer.mastercard.com/payment-account-reference-inquiry/documentation/tutorials/integrate/index.md). Yes, you need to open a CIS project to request the MTF and Production access and testing. No, a client ID is associated to a particular project and is specific to Sandbox and Production environments. Refer to the [API Basics](https://developer.mastercard.com/payment-account-reference-inquiry/documentation/api-basics/index.md) page for the details. The sandbox environment will return static responses to correctly formatted requests. Sandbox is a good environment to make sure that you can correctly authenticate with the gateway using OAuth 1.0a and encrypt sensitive data in the requests and decrypt data from the responses. Sandbox encryption keys are shown on "my Projects" page. The encryption keys will be exchanged through Mastercard Developers. The keys are created as part of project creation and available for download from the Project Dashboard. Please refer to the link below with instructions on key renewal:  
<https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/renewing-your-keys/> New encryption keys can be added in the Project dashboard. After a new key is created, the old key will remain valid until it's expiration date or is revoked. Please refer to the link below with instructions on key renewal:  
<https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/renewing-your-keys/#2-individual-api-keys/> Please check the PKCS#12 file which typically has SHA-256 format and your server configuration is enabled to support such format.  

Also check the X509KeyStorageFlags when loading the key.

Example:
const X509KeyStorageFlags flags = X509KeyStorageFlags.MachineKeySet \| X509KeyStorageFlags.Exportable;
var privateKey = AuthenticationUtils.LoadSigningKey(keyContainerPath, keyAlias, keyPassword, flags);

<https://github.com/Mastercard/oauth1-signer-csharp/blob/master/Mastercard.Developer.OAuth1Signer.Core/Utils/AuthenticationUtils.cs#L16>
Currently, there are no fees for the API calls. Any CIS project implemntation fees will still apply. Yes, in order to keep MDES performance as high as possible and provide the most optimized response time, Mastercard reserves the right to throttle during peak periods. We recommend customers to not exceed 5 Transactions Per Second (TPS) when using the PAR Inquiry API. Implementation should typically take around 8-10 weeks. The time to implement will vary depending on the complexity of your own systems and will include registration, testing connectivity, key exchange, determining testing scope, and testing within the various environments.

## Get Help {#get-help}

For additional support please [Contact Us](https://developer.mastercard.com/support)