# Endpoints (Inbound Calls) source: https://developer.mastercard.com/transaction-notifications/documentation/api-reference/endpoints/index.md ## Overview {#overview} The Transaction Notifications API currently exposes two endpoints: * [Post Transaction](https://developer.mastercard.com/transaction-notifications/documentation/api-reference/endpoints/index.md#post-transaction) to simulate a transaction in Sandbox. * Get Undelivered Transaction Notifications. ## Security {#security} ### In Short {#in-short} * Mastercard uses OAuth 1.0a for authenticating client applications. * Requests with a body must be signed using the Google Request Body Hash extension for OAuth. * OAuth Keys for your project can be set up in your dashboard. * Client authentication libraries can be found on GitHub, with how-to information provided in README.md files. ### OAuth Keys \& Authentication Libraries {#oauth-keys--authentication-libraries} For details please refer to [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis/). ## Environments {#environments} * Sandbox * Production ```Sandbox https://sandbox.api.mastercard.com/openapis/ ``` ```Production https://api.mastercard.com/openapis/ ``` ## OpenAPI Specification {#openapi-specification} API Specification: `https://static.developer.mastercard.com/content/transaction-notifications/swagger/inbound.yaml` ### Error Codes {#error-codes} For error codes and error response format, please refer to the [Codes-and-formats](https://developer.mastercard.com/transaction-notifications/documentation/codes-and-formats/index.md) page. ## Post Transaction {#post-transaction} Warning: This endpoint is limited to **Sandbox** environment. Transaction Simulation endpoint is used to create a test transaction in the Sandbox environment so you can simulate and test the end-to-end user experience. ### How It Works {#how-it-works} Diagram usertransactionsimulation 1. Consumer requests to enrol the card 2. You can create card ref using [Consent Management API's](https://developer.mastercard.com/consent-management/documentation/api-reference/#openapi-specification). 3. You make a call to simulate a purchase using card reference OR card number. 4. Mastercard forwards the simulated transaction to your defined [Endpoint](https://developer.mastercard.com/transaction-notifications/documentation/api-reference/transaction-notification-webhook/index.md). The notification contains the card reference, amount, merchant details and the issuer decision (approval/decline - similar to the real-time notification you will receive in production environment). For a full list of data elements please check the [Outbound Calls](https://developer.mastercard.com/transaction-notifications/documentation/api-reference/transaction-notification-webhook/index.md#openapi-specification). 5. You receive the simulated notification containing the card reference and associate it to your user. 6. You may optionally perform a communication to the cardholder by notifying the cardholder of an offer or any other type of communication.