# API Basics source: https://developer.mastercard.com/priceless-planet-carbon-tracker/documentation/api-basics/index.md ## API Security {#api-security} ### Client Authentication {#client-authentication} Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project using Carbon Calculator Experience. Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide. ### Transport Encryption {#transport-encryption} The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data are encrypted by default when transmitted across networks. In addition to that, Carbon Calculator Experience uses end-to-end payload encryption to secure sensitive data like Personally Identifying Information (PII). You can manage your encryption keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard). Tip: Do you want to learn more about the authentication and encryption schemes Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) and [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guides. ## How to Consume the Carbon Calculator Experience API? {#how-to-consume-the-carbon-calculator-experience-api} Note: There are multiple ways of integrating with Carbon Calculator Experience: 1. Using a generated API client (recommended) 2. Using a method of your choice ### Generating your own Carbon Calculator Experience API client {#generating-your-own-carbon-calculator-experience-api-client} Create customizable API clients from the Carbon Calculator Experience API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers the more flexibility and is strongly recommended. For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with: * The following API specification: [carbontracker.yaml](https://static.developer.mastercard.com/content/priceless-planet-carbon-tracker/swagger/carbontracker.yaml) (50KB) * The encryption configuration below (to be used at the "*Enable Encryption*" step): * Java * C# ```java FieldLevelEncryptionConfig config = FieldLevelEncryptionConfigBuilder .aFieldLevelEncryptionConfig() .withEncryptionCertificate(encryptionCertificate) .withEncryptionPath("$", "$") .withEncryptedValueFieldName("encryptedData") .withEncryptedKeyFieldName("encryptedKey") .withOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm") .withOaepPaddingDigestAlgorithm("SHA-256") .withEncryptionKeyFingerprintFieldName("publicKeyFingerprint") .withIvFieldName("iv") .withFieldValueEncoding(FieldLevelEncryptionConfig.FieldValueEncoding.HEX) .build(); ``` ```csharp var fieldLevelEncryptionConfig = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig() .withEncryptionCertificate(encryptionCertificate) .withEncryptionPath("$", "$") .withEncryptedValueFieldName("encryptedData") .withEncryptedKeyFieldName("encryptedKey") .withOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm") .withOaepPaddingDigestAlgorithm("SHA-256") .withEncryptionKeyFingerprintFieldName("publicKeyFingerprint") .withIvFieldName("iv") .withFieldValueEncoding(FieldLevelEncryptionConfig.FieldValueEncoding.HEX) .build(); ``` ### Using a method of your choice {#using-a-method-of-your-choice} Carbon Calculator Experience exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and dealing with payload encryption. For that, please refer to the Carbon Calculator Experience [REST API Reference](https://developer.mastercard.com/priceless-planet-carbon-tracker/documentation/api-reference/index.md). ## Environments {#environments} The table below describes the three different environments that are available. | **Environment** | **Description** | |------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Sandbox - MTF (Mastercard Test Facility) | The pre-production test environment contains the latest pre-release or released version of the APIs, intended for full integration testing before moving to production. At this stage, use the Sandbox keys generated during the project creation. | | Production | The production environment contains the latest production API release. You can request approval to obtain the Production keys. Once approved, you can proceed to complete testing in the Production environment before launching your solution. | ## Next Steps {#next-steps} Now that you have an understanding of the services authentication and encryption, proceed to the [Quick Start Guide](https://developer.mastercard.com/priceless-planet-carbon-tracker/documentation/quick-start-guide/index.md) to learn how to access the API and generate your credentials.