# API Basics
source: https://developer.mastercard.com/transactions-service/documentation/api-basics/index.md

## API Security {#api-security}

### Client Authentication {#client-authentication}

Mastercard uses OAuth 1.0a for authenticating your application. You can manage your authentication keys from your [Developer Dashboard](https://developer.mastercard.com/dashboard) after you created a project for Mastercard Loyalty Management.
Tip: Do you want to learn more about the authentication scheme Mastercard uses? For that, read our [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) guide.

## Encryption {#encryption}

The transport between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data is encrypted by default when transmitted across networks. Whereas sensitive data like card numbers (Payment Card Industry Data Security Standard) are sent, the entire request payload should be encrypted using the JWE encryption scheme. For further details,
please refer to [Securing Sensitive Data Using Payload Encryption.](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/)

### Encryption Libraries {#encryption-libraries}

Mastercard has abstracted the encryption scheme into our [client encryption libraries](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries), which are available in several of the most used development languages. We highly recommend that you utilize these libraries to encrypt the sensitive data used by this service.

## How to Consume the Transactions Service? {#how-to-consume-the-transactions-service}

Note: There are multiple ways of integrating with the Transactions Service:

1. Using a generated API client (recommended)
2. Using a method of your choice

### Generating your own API client {#generating-your-own-api-client}

Create customizable API clients from the Transactions Service specification and let Mastercard open-source client libraries handle the authentication for you. This approach offers more flexibility and is strongly recommended.

For this, please follow our [Generating and Configuring a Mastercard API Client](https://developer.mastercard.com/platform/documentation/security-and-authentication/generating-and-configuring-a-mastercard-api-client/) tutorial with the following API specification:
[mrs-transactions-service-swagger.yaml](https://static.developer.mastercard.com/content/transactions-service/swagger/mrs-transactions-service-swagger.yaml) (13KB)

### Using a method of your choice {#using-a-method-of-your-choice}

Transactions Service exposes a REST API: you are free to use the REST/HTTP client of your choice and can still leverage the Mastercard open-source [client authentication](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/#client-libraries) and [client encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/#client-libraries) libraries for signing your requests and dealing with payload encryption.

For that, please refer to the Transactions Service [REST API Reference](https://developer.mastercard.com/transactions-service/documentation/api-reference/index.md).

## Environments {#environments}

The table below describes the two different environments that are available.

| **Environment** |                                                                                                                                 **Description**                                                                                                                                 |
|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sandbox         | Pre-production test environment containing the latest pre-release version of the real APIs, intended for full integration testing prior to moving to production. Use your Sandbox keys to authenticate with this environment. The keys are set up when you create your project. |
| Production      | Full production environment containing the latest production API release.                                                                                                                                                                                                       |