# Integration with PAR API source: https://developer.mastercard.com/payment-account-reference-inquiry/documentation/tutorials/integrate/index.md ## Overview {#overview} In this tutorial you will learn how to configure and run the Payment Account Reference Inquiry API. You will also learn how the authentication and encryption modules work for this API client. ### APIs used in this tutorial {#apis-used-in-this-tutorial} * [Payment Account Reference Inquiry](https://developer.mastercard.com/payment-account-reference-inquiry/documentation/api-reference/index.md) ### What you'll learn: {#what-youll-learn} * How to generate and configure a Mastercard API Client * How to configure client authentication and request encryption * How to send the API request and what the response means. ## Prerequisites {#prerequisites} * You should have completed the Create a New Payment Account Reference Inquiry API project tutorial and retained a copy of: * Your **Signing Key** certificate (suffixed `.p12`) for authenticating an API request via OAuth. * The **Consumer Key** identifier, Key Alias and Key Password associated with the above key. * You should have downloaded the **Encryption Keys** from your project dashboard. This tutorial uses the Sandbox environment, so you should check that you have network connectivity to `sandbox.api.mastercard.com` before starting. Note: Sandbox uses static response bodies. You will be able to test the orchestration of calls when you test in MTF or Production. ## Generate and Configure an API client {#generate-and-configure-an-api-client} Create customizable API clients from the **Payment Account Reference Inquiry** API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers the more flexibility and is strongly recommended. For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the API specification on the [API Reference](https://developer.mastercard.com/payment-account-reference-inquiry/documentation/api-reference/index.md) page. * The encryption certificate (sandbox) * The encryption configuration below (to be used at the "*Enable Encryption*" step): Mastercard provides [Client Encryption libraries](https://github.com/Mastercard?q=client-encryption) in several languages which you can integrate into your project. For these you will need a configuration object as follows: * Java * NodeJS * C# * Python * PHP * Ruby ```Java { FieldLevelEncryptionConfig config = FieldLevelEncryptionConfigBuilder.aFieldLevelEncryptionConfig() .withEncryptionPath("$.encryptedPayload.encryptedData", "$.encryptedPayload") .withDecryptionPath("$.encryptedPayload", "$.encryptedPayload.encryptedData") .withEncryptionCertificate(encryptionCertificate) .withDecryptionKey(decryptionKey) .withOaepPaddingDigestAlgorithm("SHA-512") .withEncryptedValueFieldName("encryptedData") .withEncryptedKeyFieldName("encryptedKey") .withIvFieldName("iv") .withOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm") .withEncryptionCertificateFingerprintFieldName("publicKeyFingerprint") .withFieldValueEncoding(FieldValueEncoding.HEX) .withEncryptionCertificateFingerprint() .build(); } ``` ```NodeJS { paths: [ { path: "/getPaymentAccountReference", toEncrypt: [ { element: "encryptedPayload.encryptedData", obj: "encryptedPayload" }], toDecrypt: [ { element: "encryptedPayload", obj: "encryptedPayload.encryptedData" } ] } ], oaepPaddingDigestAlgorithm: 'SHA-512', ivFieldName: 'iv', encryptedKeyFieldName: 'encryptedKey', encryptedValueFieldName: 'encryptedData', oaepHashingAlgorithmFieldName: 'oaepHashingAlgorithm', publicKeyFingerprintFieldName: 'publicKeyFingerprint', publicKeyFingerprintType: "certificate", dataEncoding: 'hex', encryptionCertificate: "./path/to/your/encryption.crt", privateKey: "./path/to/private.key", publicKeyFingerprintHeaderName: "" } ``` ```C# var config = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig() .WithEncryptionPath("$.encryptedPayload.encryptedData", "$.encryptedPayload") .WithDecryptionPath("$.encryptedPayload", "$.encryptedPayload.encryptedData") .WithEncryptionCertificate(encryptionCertificate) .WithDecryptionKey(decryptionKey) .WithOaepPaddingDigestAlgorithm("SHA-512") .WithEncryptedValueFieldName("encryptedData") .WithEncryptedKeyFieldName("encryptedKey") .WithIvFieldName("iv") .WithOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm") .WithEncryptionCertificateFingerprintFieldName("publicKeyFingerprint") .WithValueEncoding(FieldValueEncoding.Hex) .WithEncryptionCertificateFingerprint("80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279") .Build(); ``` ```Python { "paths": { "$": { "toEncrypt": { "encryptedPayload.encryptedData": "encryptedPayload" }, "toDecrypt": { "encryptedPayload": "encryptedPayload.encryptedData" } } }, "ivFieldName": "iv", "encryptedKeyFieldName": "encryptedKey", "encryptedValueFieldName": "encryptedData", "dataEncoding": "hex", "encryptionCertificate": "./path/to/your/encryption.crtt", "decryptionKey": "./path/to/private.key", "oaepPaddingDigestAlgorithm": "SHA-512", "encryptionKeyFingerprintFieldName": "publicKeyFingerprint", "encryptionCertificateFingerprint": "80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279", "oaepPaddingDigestAlgorithmFieldName": "oaepHashingAlgorithm", } ``` ```PHP $config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig() ->withEncryptionPath('$.encryptedPayload.encryptedData', '$.encryptedPayload') ->withDecryptionPath('$.encryptedPayload', '$.encryptedPayload.encryptedData') ->withEncryptionCertificate($encryptionCertificate) ->withDecryptionKey($decryptionKey) ->withOaepPaddingDigestAlgorithm('SHA-512') ->withEncryptedValueFieldName('encryptedData') ->withEncryptedKeyFieldName('encryptedKey') ->withIvFieldName('iv') ->withOaepPaddingDigestAlgorithmFieldName('oaepHashingAlgorithm') ->withEncryptionCertificateFingerprintFieldName('publicKeyFingerprint') ->withFieldValueEncoding(FieldValueEncoding::HEX) ->withEncryptionCertificateFingerprint("80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279") ->build(); ``` ```Ruby { paths: [ { path: "/getPaymentAccountReference", toEncrypt: [ { element: "encryptedPayload.encryptedData", obj: "encryptedPayload" }], toDecrypt: [ { element: "encryptedPayload", obj: "encryptedPayload.encryptedData" } ] } ], oaepPaddingDigestAlgorithm: 'SHA-512', ivFieldName: 'iv', encryptedKeyFieldName: 'encryptedKey', encryptedValueFieldName: 'encryptedData', oaepHashingAlgorithmFieldName: 'oaepHashingAlgorithm', publicKeyFingerprintFieldName: 'publicKeyFingerprint', publicKeyFingerprintType: "certificate", dataEncoding: 'hex', encryptionCertificate: "./path/to/your/encryption.crt", encryptionCertificateFingerprint: "80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279", privateKey: "./path/to/private.key" } ```
### Refactoring for Production or MTF {#refactoring-for-production-or-mtf} 1. Repeat the instructions on this page for the target environment. 2. Redirect calls to the new environment by changing all the `basePath` variables in the JavaScript files. For example, variables like: * JavaScript ```JavaScript client.basePath = "https://sandbox.api.mastercard.com/par/paymentaccountreference/static/1/0"; ``` Should be updated with the `basePath` value for the [target environment](https://developer.mastercard.com/payment-account-reference-inquiry/documentation/env-domains/index.md).