# API Basics source: https://developer.mastercard.com/presentment/documentation/api-basics/index.md ## Client authentication {#client-authentication} To access Mastercard APIs, you will need to configure your API client to authenticate using one of the following supported authentication protocols. | Authentication protocol | Description | Reference information | |-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------| | OAuth 1.0a | This is the default authentication mechanism used by most APIs on Mastercard Developers. OAuth 1.0a is an authentication and authorization protocol that guarantee the integrity and authenticity of incoming API calls and allow for non-repudiation of requests. | [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/) | | OAuth 2.0 | Mastercard APIs use the OAuth 2.0 client credentials flow to authenticate API clients, and [FAPI 2.0](https://openid.bitbucket.io/fapi/fapi-security-profile-2_0.html), a security profile built for financial services. | [Using OAuth 2.0 to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-2-to-access-mastercard-apis/) | | Mutual TLS (mTLS) | Mutual TLS authentication is a two-way authentication mechanism based on Transport Layer Security (TLS) that uses digital certificates signed using the Public Key Infrastructure framework. | [Using MTLS to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/authentication/using-mtls-to-access-mastercard-apis/) | You can manage your authentication keys from your  [Developer Dashboard](https://developer.mastercard.com/dashboard/) after you have created a project for Offers for Publishers or User Account Administration. ### Upgrade to OAuth 2.0 {#upgrade-to-oauth-20} If your Mastercard Developers project uses OAuth 1.0a and the APIs in your project support OAuth 2.0, you can upgrade your project to support both authentication methods. To upgrade, follow the steps in the [Upgrading Keys to OAuth 2.0](https://developer.mastercard.com/platform/documentation/credential-management/oauth-key-management/#upgrading-keys-to-oauth-20) section. ## Consume the Offers for Publishers API {#consume-the-offers-for-publishers-api} Tip: Mastercard recommends using [OpenAPI Generator](https://openapi-generator.tech/) to integrate with the Offers for Publishers Service. ### Generating your own Offers for Publishers API client {#generating-your-own-offers-for-publishers-api-client} Create a customizable API client from the Offers for Publishers API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is recommended. Follow the  [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/generating-and-configuring-a-mastercard-api-client/)  tutorial with the API specifications in the [API Reference](https://developer.mastercard.com/presentment/documentation/api-reference/index.md) section. ### Using a method of your choice {#using-a-method-of-your-choice} Offers for Publishers exposes a REST API. You are free to use the REST/HTTP client of your choice and can still use the Mastercard open-source client libraries for signing your requests: * [Client libraries for OAuth 1.0a](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) * [Client libraries for OAuth 2.0](https://developer.mastercard.com/platform/documentation/authentication/using-oauth-2-to-access-mastercard-apis/#client-libraries)
Refer to the Offers for Publishers [API Reference](https://developer.mastercard.com/presentment/documentation/api-reference/presentment/index.md) section for details. ## Environments {#environments} The table describes the two different environments that are available. | Environment | Description | Base URLs | |-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------| | Sandbox | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. Use your Sandbox key to authenticate with this environment. | `https://sandbox.api.mastercard.com/loyalty/offers` `https://sandbox.api.mastercard.com/loyalty/offers/presentment` | | Production | Full production environment containing the latest production API release. Use your Production key to authenticate with this environment. | `https://api.mastercard.com/loyalty/offers` `https://api.mastercard.com/loyalty/offers/presentment` | ## Next steps {#next-steps} Now that you have an understanding of the authentication and encryption requirements, proceed to the [Quick Start Guide](https://developer.mastercard.com/presentment/documentation/quick-start-guide/index.md) section to learn how to access the API and generate your credentials.