# API Basics
source: https://developer.mastercard.com/traditional-fulfillment-service/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project for Mastercard Loyalty Management.
Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

## How to Consume the Traditional Fulfillment Service? {#how-to-consume-the-traditional-fulfillment-service}

Note: We strongly recommend using [OpenAPI Generator](https://openapi-generator.tech/) for integrating with Traditional Fulfillment Service.

### Generating your API client {#generating-your-api-client}

Create customizable API clients from the Traditional Fulfillment Service specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the following API specification:
[traditional-fulfillment-service-swagger.yaml](https://static.developer.mastercard.com/content/traditional-fulfillment-service/swagger/traditional-fulfillment-service-swagger.yaml) (18KB)

### Using a method of your choice {#using-a-method-of-your-choice}

Traditional Fulfillment Service exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) library for signing your requests.

For that, refer to the Traditional Fulfillment Service [API Reference](https://developer.mastercard.com/traditional-fulfillment-service/documentation/api-reference/index.md) section.

## Environments {#environments}

The table describes the two different environments that are available.

| **Environment** |                                                                                                        **Description**                                                                                                        |
|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox         | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. Use your Sandbox keys to authenticate with this environment. |
| Production      | Full production environment containing the latest production API release.                                                                                                                                                     |