# API Basics
source: https://developer.mastercard.com/pclo-presentment/documentation/api-basics/index.md

Note: Mastercard supports OAuth 2.0 for authenticating application HTTP requests. Refer to the following resources for guidance and documentation:   

* [Offers for Publishers (Legacy) OAuth 2.0 authentication and first call tutorial](https://developer.mastercard.com/pclo-presentment/documentation/tutorials-and-guides/index.md)
* [Using OAuth 2.0 to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-2-to-access-mastercard-apis/)
* [OAuth 2.0 reference application on GitHub](https://github.com/Mastercard/oauth2-client-java): Customers are advised to update the specification file and certificates as instructed in the README.md file to ensure access and alignment with OAuth 2.0 requirements.
* [Offers for Publishers API](https://developer.mastercard.com/presentment/documentation/release-history/) updated documentation

<br />

Support for OAuth 1.0a authentication remains available.
Note: Offers for Publishers currently uses User Account Management APIs for user management, account management, lost or stolen card, and lookup identifiers. Review the API Basics for User Account Management endpoints [here](https://developer.mastercard.com/user-account-management-service/documentation/api-basics/).

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application's HTTP requests. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard/) after you have created a project for Offers for Publishers. Authentication using MTLS is also available for Offers for Publishers APIs.
Tip: Refer to [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) or [Using MTLS to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-mtls-to-access-mastercard-apis/) to learn more about the authentication scheme Mastercard uses.

## Consume the Offers for Publishers API {#consume-the-offers-for-publishers-api}

Tip: Mastercard recommends using [OpenAPI Generator](https://openapi-generator.tech/) to integrate with the Offers for Publishers Service.

### Generating your own Offers for Publishers API client {#generating-your-own-offers-for-publishers-api-client}

Create a customizable API client from the Offers for Publishers API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is recommended. Follow the [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/generating-and-configuring-a-mastercard-api-client/) tutorial with the following API specifications:
[User Presentment](https://static.developer.mastercard.com/content/pclo-presentment/swagger/personalized-offers-user-presentment.yaml) and [Platform Admin](https://static.developer.mastercard.com/content/pclo-presentment/swagger/personalized-offers-platform-admin.yaml).

### Using a method of your choice {#using-a-method-of-your-choice}

Offers for Publishers exposes a REST API. You are free to use the REST/HTTP client of your choice and can still use the Mastercard open-source  [client authentication](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) library for signing your requests. Refer to the Offers for Publishers [API Reference](https://developer.mastercard.com/pclo-presentment/documentation/api-reference/platform-admin/)  section.

## Environments {#environments}

The table describes the two different environments that are available.

| Environment |                                                                                                         Description                                                                                                          |
|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox     | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. Use your Sandbox key to authenticate with this environment. |
| Production  | Full production environment containing the latest production API release. Use your Production key to authenticate with this environment.                                                                                     |

## Next Steps {#next-steps}

Now that you have an understanding of the authentication and encryption requirements, proceed to the [Quick Start Guide](https://developer.mastercard.com/pclo-presentment/documentation/quick-start-guide/index.md) sections to learn about the Mastercard environments and how to get started.
