# API Basics
source: https://developer.mastercard.com/transaction-notifications/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project using Transaction Notifications.
Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

## How to Consume the Transaction Notifications API? {#how-to-consume-the-transaction-notifications-api}

Note: There are two ways of integrating with Transaction Notifications:

1. Using a generated API client (recommended)
2. Using a method of your choice

### Generating your own Transaction Notifications API client {#generating-your-own-transaction-notifications-api-client}

Create customizable API clients from the Transaction Notifications API specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the following API specification:
[inbound.yaml](https://static.developer.mastercard.com/content/transaction-notifications/swagger/inbound.yaml) (22KB)

### Using a method of your choice {#using-a-method-of-your-choice}

Transaction Notifications exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) for signing your requests.

For that, please refer to the Transaction Notifications [REST API Reference](https://developer.mastercard.com/transaction-notifications/documentation/api-reference/endpoints/index.md).

## Environments {#environments}

| Environment | Description                                                                                                                             |
|:------------|:----------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox     | For sandbox we have a **Free** tiered access package where we can enrol test cards and receive test transactions with standard payload. |
| Production  | For production we have two packages i) **Basic** and ii) **Premium** offering a lot more features.                                      |

For more information, please refer to the [Tiered Access](https://developer.mastercard.com/transaction-notifications/documentation/index.md#tiered-access) section.

## Headers {#headers}

The only required header, apart from Authentication, is "**Content-Type** " which must be "**application/json**".