# Request Production Access
source: https://developer.mastercard.com/payment-account-reference-inquiry/documentation/tutorials/move-project/index.md

## Overview {#overview}

After successfully testing in the MTF environment, you are ready to move your project to the Production environment.

### APIs used in this tutorial {#apis-used-in-this-tutorial}

* [Payment Account Reference Inquiry](https://developer.mastercard.com/payment-account-reference-inquiry/documentation/api-reference/index.md)

#### What you'll learn: {#what-youll-learn}

* How to prepare your Payment Account Reference Inquiry project for Production environment
* How to create, import, and export the necessary keys for Production

#### What you'll need: {#what-youll-need}

Before moving your project to Production environments:

* You must have requested to your Mastercard Customer Delivery contact the opening of a **CIS project** to enable Payment Account Reference Inquiry API.
* You must have received from Mastercard your **CIS project number** (CIS-xxxx-zzzzz)
* If using a **Certificate Signing Request (CSR)**, you should have a CSR file ready, containing information such as your organization name, your domain name and location. The CSR contains the public key that will be included in your certificate for OAuth authentication. Use your own key management system to generate the private key in a secure hardware store. The CSR file must be in .pem format.

## Request Production Access {#request-production-access}

1. [**Log in**](https://developer.mastercard.com/account/log-in) to you Mastercard Developers account.
2. On the **My Projects** dashboard, locate your Payment Account Reference Inquiry project.
3. Click the project title to view project details.
4. On the project Summary page, click **Request Production Access**.

![](https://static.developer.mastercard.com/content/payment-account-reference-inquiry/documentation/tutorials/creating-a-new-project/img/create-project-7.png)

## Service Details {#service-details}

1. Enter the **Customer Name**.
2. Select the appropriate requestor access as **Acquirer** , **Merchant** , or **Wallet Provider**.
3. Enter the **CIS Project Number**.

![](https://static.developer.mastercard.com/content/payment-account-reference-inquiry/documentation/tutorials/creating-a-new-project/img/create-project-8.png)

## OAuth 1.0a Project Keys {#oauth-10a-project-keys}

Mastercard uses [OAuth 1.0a](https://oauth.net/core/1.0a/) for authenticating and authorizing client applications. This means every request must be digitally signed. Only requests with valid signatures created by authorized clients are granted access to our services. The OAuth protocol requires a consumer key and a request signing key. When your project is created, these keys (a Consumer Key and a Signing Key) will be automatically generated for the Production environment, which gives access to an API.

1. Enter the **Keyalias** and **Keystore password** to create these credentials.
2. Click **Proceed**.

![](https://static.developer.mastercard.com/content/payment-account-reference-inquiry/documentation/tutorials/creating-a-new-project/img/create-project-4.png)
Warning: Production Keys are generated instantaneously, but they still need to be approved before you can go live. Once your production access request has been reviewed, you will receive a notification confirming whether your access has been approved or denied.

## Additional Credentials {#additional-credentials}

You must generate credentials that your server will use to communicate with the APIs in the Production environment.

The Payment Account Reference Inquiry service encrypts fields that contain sensitive data. Client encryption libraries are available on [Mastercard's Github](https://github.com/search?q=topic%3Afield-level-encryption+org%3AMastercard&type=Repositories). For further details, refer to [Securing Sensitive Data](https://developer.mastercard.com/platform/documentation/securing-sensitive-data-using-payload-encryption/).

You require one key to encrypt data in requests, and a second to decrypt data in response.

1. Enter the **Keyalias** and **Keystore** Password to create these additional credentials.
2. Click **Update Project**.

![](https://static.developer.mastercard.com/content/payment-account-reference-inquiry/documentation/tutorials/creating-a-new-project/img/create-project-9.png)

## Updating Your Project {#updating-your-project}

Save the key file in a safe place as this would be your only chance to download this file.

1. Click **Download key file**.
2. Click **Open project**.

![](https://static.developer.mastercard.com/content/payment-account-reference-inquiry/documentation/tutorials/creating-a-new-project/img/create-project-10.png)

If you wish to create credentials using CSRs, you need to go back to your project dashboard to add a new key.
This method involves you creating your Production signing key and response decryption key offline, and sending them to Mastercard. Refer to detailed instructions in Method 2 [here](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#method-2).
Note: Project credentials expire after a certain time. The key renewal emails are sent out to the project team 90 days before the expiry. Failure to renew the credentials will result in requests failing, and therefore, it is crucial that you renew the credentials before they expire.

## Production Onboarding {#production-onboarding}

The final part of moving your Payment Account Reference Inquiry API project to the Mastercard Production environment involves working with your Mastercard Customer Implementation Services Manager (CIS IM). You must retrieve your Mastercard API Production Client ID (part of the Consumer Key) and Public Key Fingerprint and provide it to your CIS IM.

1. Provide Client ID to CIS Implementation Manager. To get this information, perform the following steps:

   1. From the Mastercard Developers project summary page, go to the **Production Keys** section, click on the **Actions** dropdown button, and select the **Copy Consumer key** option.

   > The first 48 characters of this key value (up to the exclamation mark) are your Client ID will be used in the Production environment. For example, with Client ID shown in bold:  
   > **l6dXa1PkV03‑hTDlFwHY2tMzd4ermMIKzy574sc‑577dcc9e**!c6caf58a58ea432f92a1bc54a73e26660000000000000000
   1. The `publicKeyFingerprint` of each Mastercard Encryption Key (Production) can obtained from the **Project Summary** page. Go to the **Mastercard Encryption Keys** section, click on the **Actions** dropdown button, and select **Copy fingerprint**.

   > The API will send a `publicKeyFingerprint` in each API response. This value can be used by you, to identify the associated certificate (private key) to use to decrypt the one-time-use key (`encryptedKey`) in the payload of the API responses.
2. Send the Consumer Key value(s) from step 1, the fingerprint(s) from step 2 to your CIS IM.