{"id":7395,"library":"mastercard-oauth1-signer","title":"Mastercard OAuth1 Signer","description":"The Mastercard OAuth1 Signer is a Python library that simplifies the process of generating OAuth 1.0a signatures required for authenticating requests to Mastercard APIs. It handles the complexities of OAuth 1.0a, including nonce generation, timestamping, and RSA-SHA256 signature creation. The current version is 1.9.2, with a release cadence focused on security updates, dependency bumps, and bug fixes.","status":"active","version":"1.9.2","language":"en","source_language":"en","source_url":"https://github.com/Mastercard/oauth1-signer-python","tags":["authentication","oauth1","mastercard","payments","api-client","security"],"install":[{"cmd":"pip install mastercard-oauth1-signer","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Used for making HTTP requests and integrated with the signing mechanism.","package":"requests","optional":false},{"reason":"Core dependency for cryptographic operations, specifically RSA-SHA256 signing.","package":"cryptography","optional":false},{"reason":"Historically used for SSL functionalities, though its direct use has been reduced over versions.","package":"pyOpenSSL","optional":false}],"imports":[{"note":"This is the main class for integrating OAuth1.0a signing with requests.","symbol":"Auth","correct":"from mastercard.oauth1.signer import Auth"}],"quickstart":{"code":"import requests\nimport os\nfrom mastercard.oauth1.signer import Auth\n\n# --- Environment variables or placeholder values ---\n# Replace with your actual credentials or set as environment variables\nCONSUMER_KEY = os.environ.get('MASTERCARD_CONSUMER_KEY', 'YOUR_CONSUMER_KEY')\nPRIVATE_KEY_PATH = os.environ.get('MASTERCARD_PRIVATE_KEY_PATH', 'path/to/your/key.p12')\nKEY_ALIAS = os.environ.get('MASTERCARD_KEY_ALIAS', 'keyalias') # Alias used when creating the .p12 file\nKEY_PASSWORD = os.environ.get('MASTERCARD_KEY_PASSWORD', 'keypassword')\nBASE_URL = os.environ.get('MASTERCARD_BASE_URL', 'https://sandbox.api.mastercard.com') # Or 'https://api.mastercard.com'\n\n# --- Load private key and create Auth object ---\ntry:\n    # The Auth constructor handles loading the private key from the .p12 file\n    oauth_auth = Auth(\n        consumer_key=CONSUMER_KEY,\n        private_key_path=PRIVATE_KEY_PATH,\n        private_key_password=KEY_PASSWORD,\n        private_key_alias=KEY_ALIAS\n    )\nexcept Exception as e:\n    print(f\"Error initializing Auth: {e}\")\n    print(\"Please ensure your private key path, password, and alias are correct.\")\n    exit(1)\n\n# --- Example API call (replace with your actual endpoint) ---\n# This example assumes an endpoint that returns some data, like a health check or a simple resource.\n# The actual endpoint will vary based on the Mastercard API you are using.\napi_endpoint = f\"{BASE_URL}/some/api/resource\"\n\nheaders = {'Accept': 'application/json'}\n\ntry:\n    response = requests.get(api_endpoint, auth=oauth_auth, headers=headers)\n    response.raise_for_status() # Raise an HTTPError for bad responses (4xx or 5xx)\n\n    print(f\"Successfully called {api_endpoint}\")\n    print(f\"Status Code: {response.status_code}\")\n    print(\"Response Body:\")\n    print(response.json()) # Assuming JSON response\nexcept requests.exceptions.RequestException as e:\n    print(f\"API call failed: {e}\")\n    if hasattr(e, 'response') and e.response is not None:\n        print(f\"Response Status: {e.response.status_code}\")\n        print(f\"Response Body: {e.response.text}\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")\n","lang":"python","description":"This quickstart demonstrates how to initialize the `Auth` object with your Mastercard API credentials and use it with the `requests` library to make an authenticated call to a Mastercard API endpoint. Ensure you replace placeholder values with your actual `consumer_key`, `private_key_path`, `key_alias`, and `key_password`."},"warnings":[{"fix":"Upgrade to version 1.4.0 or newer: `pip install mastercard-oauth1-signer --upgrade`.","message":"The `oauth_signature` was not encoded correctly in versions 1.2.0 and 1.3.0, leading to authentication failures for affected API calls. This was resolved in version 1.4.0.","severity":"breaking","affected_versions":"1.2.0, 1.3.0"},{"fix":"Ensure `cryptography` is updated to at least version 42.0.0 or higher. The `mastercard-oauth1-signer` library version 1.8.0 and above include this update. Reinstalling the signer might also update `cryptography`: `pip install mastercard-oauth1-signer --upgrade`.","message":"A critical vulnerability (CVE-2023-49082) was found in Cryptography library version 41.0.0. The `mastercard-oauth1-signer` library explicitly updated its `cryptography` dependency to address this, but if your environment has an older version installed, it could pose a risk.","severity":"gotcha","affected_versions":"<1.8.0 (if using Cryptography 41.0.0)"},{"fix":"Ensure a clean virtual environment for your project. If issues persist, try reinstalling `mastercard-oauth1-signer` to force dependency updates: `pip install mastercard-oauth1-signer --upgrade --no-cache-dir`. In isolated cases, manually upgrading `pyOpenSSL` might be necessary: `pip install pyOpenSSL --upgrade`.","message":"Dependency on `pyOpenSSL` has seen several version bumps and adjustments across releases (e.g., 1.6.0, 1.6.1, 1.7.0, 1.9.0). Users might encounter dependency conflicts or `ImportError` issues if their environment has specific `pyOpenSSL` versions that clash with the library's requirements.","severity":"gotcha","affected_versions":"All versions, due to varying `pyOpenSSL` requirements over time."},{"fix":"Double-check the alias and password used when generating your `.p12` file. These are case-sensitive. Ensure the file path is correct and readable by the application.","message":"When loading the private key from a `.p12` file, ensure the `private_key_alias` and `private_key_password` are correct. Incorrect values will lead to `MastercardOAuth1SignerException` during `Auth` object initialization.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Install the library: `pip install mastercard-oauth1-signer`. Verify your import statement: `from mastercard.oauth1.signer import Auth`.","cause":"The `mastercard-oauth1-signer` package is not installed in the current Python environment or the import path is incorrect.","error":"ModuleNotFoundError: No module named 'mastercard.oauth1.signer'"},{"fix":"Carefully review all parameters passed to the `Auth` constructor: `consumer_key`, `private_key_path`, `private_key_password`, and `private_key_alias`. Ensure the `.p12` file exists, is accessible, and not corrupted. Check for typos and verify against your Mastercard Developer credentials.","cause":"This generic exception usually indicates an issue with the provided credentials (consumer key, private key path, password, or alias) or an internal error during the signing process.","error":"mastercard.oauth1.signer.utils.MastercardOAuth1SignerException: Failed to sign request: [Specific error message related to key/auth]"},{"fix":"Confirm your `consumer_key`, `private_key_path`, `key_alias`, and `key_password` are correct. Verify that the `BASE_URL` matches the intended API environment (sandbox or production) and that the endpoint path is accurate. Ensure any request parameters or body content are consistent with the API documentation for signature generation.","cause":"The API endpoint rejected the signed request, most commonly due to an invalid or mismatched OAuth signature. This could stem from incorrect credentials, an improperly formatted request URL, or a mismatch in API environment (e.g., sandbox vs. production).","error":"requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: ..."}]}