# Security
source: https://developer.mastercard.com/transaction-notifications/documentation/api-reference/oauth-security/index.md

## Security {#security}

### In Short {#in-short}

* Mastercard uses OAuth 1.0a for authenticating client applications.
* Requests with a body must be signed using the Google Request Body Hash extension for OAuth.
* OAuth Keys for your project can be set up in your dashboard.
* Client authentication libraries can be found on GitHub, with how-to information provided in README.md files.

### OAuth Keys \& Authentication Libraries {#oauth-keys--authentication-libraries}

For details please refer to [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/using-oauth-1a-to-access-mastercard-apis/).