# API Basics
source: https://developer.mastercard.com/straight-through-processing/documentation/api-basics/index.md

## API security {#api-security}

### Client authentication {#client-authentication}

Users access the API through the Mastercard Developers API Gateway, which uses the OAuth standard for access delegation. Mastercard uses OAuth 1.0a for authenticating your application. Requests with a body must be signed using the Google Request Body Hash extension for OAuth.

You can perform the following tasks:

1. Manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you have created a project and selected the Straight Through Processing (STP) API.
2. Set up OAuth Keys for your project in your dashboard.
3. Find client authentication libraries with how-to information in README.md files on [GitHub](https://github.com/Mastercard?&q=oauth).

Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

Note: STP does not use encryption because payments use a single-use VCN.
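The following is an added example, not code from Mastercard or its client libraries, illustrating what signing a request with a body under the Request Body Hash extension protects: it computes `oauth_body_hash` and the RFC 5849 signature base string, so a body altered in transit no longer matches the string that was signed. Assumptions: SHA-256 and `RSA-SHA256` (this page names neither), a hypothetical resource path, and constructed key and nonce values; applying your signing key to the resulting string is left to the signer libraries.

```python
import base64
import hashlib
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value: str) -> str:
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay."""
    return quote(value, safe="")


def body_hash(body: bytes) -> str:
    """oauth_body_hash value: Base64 of a digest of the raw body bytes."""
    # Assumption: SHA-256; the page does not name the digest algorithm.
    return base64.b64encode(hashlib.sha256(body).digest()).decode("ascii")


def signature_base_string(method: str, url: str, oauth_params: dict) -> str:
    """Build the RFC 5849 section 3.4.1 string that the signature covers."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port and parts.port != {"http": 80, "https": 443}.get(parts.scheme):
        host += f":{parts.port}"
    base_uri = f"{parts.scheme}://{host}{parts.path or '/'}"
    # Query and OAuth parameters are encoded first, then sorted by name and value.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def base_string_for(method: str, url: str, body: bytes, oauth_params: dict) -> str:
    """Add oauth_body_hash so the signature also covers the request body."""
    params = dict(oauth_params, oauth_body_hash=body_hash(body))
    return signature_base_string(method, url, params)


# Constructed sample values; the resource path and JSON fields are hypothetical.
SAMPLE_URL = "https://sandbox.api.mastercard.com/stp-api/v1/example?limit=10"
SAMPLE_OAUTH = {
    "oauth_consumer_key": "CONSTRUCTED-CONSUMER-KEY",
    "oauth_nonce": "constructed-nonce-1",
    "oauth_signature_method": "RSA-SHA256",  # assumed; not stated on the page
    "oauth_timestamp": "1700000000",
}

if __name__ == "__main__":
    sent = base_string_for("POST", SAMPLE_URL, b'{"amount":"10.00"}', SAMPLE_OAUTH)
    altered = base_string_for("POST", SAMPLE_URL, b'{"amount":"99.00"}', SAMPLE_OAUTH)
    print(sent)
    print("altered body changes the signed string:", sent != altered)
```

Hash the exact bytes that go on the wire: re-serializing the JSON after hashing changes the digest and the gateway will reject the signature.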

## How to consume the STP API? {#how-to-consume-the-stp-api}

Note: There are multiple ways of integrating with the STP API:

1. [Using an STP SDK](https://developer.mastercard.com/straight-through-processing/documentation/api-basics/index.md#using-an-stp-sdk)
2. [Using a generated API client](https://developer.mastercard.com/straight-through-processing/documentation/api-basics/index.md#using-a-generated-api-client)
3. [Using a method of your choice](https://developer.mastercard.com/straight-through-processing/documentation/api-basics/index.md#using-a-method-of-your-choice)

### Using an STP SDK {#using-an-stp-sdk}

A Software Development Kit (SDK) is available, which provides a much simpler programming model. The SDK also handles all authentication using the OAuth standard on behalf of the API client application.

The SDK, its accompanying documentation, and code samples are available. Go through the [Connect using the SDK](https://developer.mastercard.com/straight-through-processing/tutorial/connect-using-the-sdk/index.md) tutorial to understand how to use it and the [SDK Reference](https://developer.mastercard.com/straight-through-processing/documentation/sdk/index.md) for more in-depth examples.

### Using a generated API client {#using-a-generated-api-client}

Many organisations have their own libraries and protocols to connect with third-party APIs. You can connect to the STP API without using the SDK if you need this flexibility.

Mastercard provides lightweight signing libraries that take care of the authentication for you. In combination with the Open API specification for STP and the signer library for your chosen language, you can connect to STP without relying on the STP SDK.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the API specification:
[stp-api.yaml](https://static.developer.mastercard.com/content/straight-through-processing/swagger/stp-api.yaml) (47KB)

For more details, refer to the [Connect using Open API](https://developer.mastercard.com/straight-through-processing/tutorial/connect-using-open-api/index.md) tutorial.

### Using a method of your choice {#using-a-method-of-your-choice}

STP exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) for signing your requests.

## Environments {#environments}

The following table describes the two different environments that are available for the STP API.

| **Environment** |                                                                           **Description**                                                                            |                    **Link**                     |
|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
| Sandbox         | The pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. | `https://sandbox.api.mastercard.com/stp-api/v1` |
| Production      | The full production environment containing the latest production API release.                                                                                        | `https://api.mastercard.com/stp-api/v1`         |

