From f9dd8478282f0350087afc57ec29a3324b967153 Mon Sep 17 00:00:00 2001 From: Mystique <13oct08@quantumfoam.uni.cc> Date: Mon, 22 Feb 2021 21:15:30 +0100 Subject: [PATCH] LGTM --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 55e7ee8..4cbe31c 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,7 @@ # API Design Best Practice: Mutual TLS authentication for APIs -Mystique Unicorn App is a building new microservice. Their developers are looking for a way to validate the incoming requests are coming from trusted sources and deny invoking the backend systems if the requests are from un-trusted sources. This will have the benefit of reducing cost as well improving the performance of the backend components. The team is looking for your help to achieve this. Can you help them? +Mystique Unicorn App is a building new microservice. Their developers are looking for a way to validate the incoming requests are coming from trusted sources and deny invoking the backend systems if the requests are from un-trusted sources. This will have the benefit of reducing cost as well as improving the performance of the backend components. The team is looking for your help to achieve this. Can you help them? -![Miztiik Automation: API Design Best Practice - Mutual TLS authentication for APIs](images/miztiik_automation_api_design_best_practice_mutual_tls_architecture_000.png) ## 🎯 Solutions 
@@ -10,6 +9,8 @@ TLS is the successor to SSL and it’s an excellent standard with many features. By default, the TLS protocol only requires a server to authenticate itself to the client. The authentication of the client to the server is managed by the application layer. The TLS protocol also offers the ability for the server to request that the client send an X.509 certificate to prove its identity. This is called _mutual TLS (mTLS)_ as both parties are authenticated via certificates with TLS. +![Miztiik Automation: API Design Best Practice - Mutual TLS authentication for APIs](images/miztiik_automation_api_design_best_practice_mutual_tls_architecture_000.png) + To use mutual TLS with API Gateway, you upload a CA public key certificate bundle as an object containing public or private/self-signed CA certs. This is used for validation of client certificates. All existing API authorization options are available for use with mTLS authentication. ![Miztiik Automation: API Design Best Practice - Mutual TLS authentication for APIs](images/miztiik_automation_api_design_best_practice_mutual_tls_architecture_002.png)
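Review bot: the first hunk (README.md, `@@ -1,8 +1,7 @@`) fixes "as well improving" to "as well as improving" but leaves the other errors on the same `+` line untouched: "Mystique Unicorn App is a building new microservice" should read "Mystique Unicorn App is building a new microservice", and "un-trusted" should be "untrusted" to match "trusted" earlier in the sentence. Since the line is already being rewritten, fold those fixes into this change rather than a follow-up "LGTM"-style commit.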
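Review bot: in the second hunk (`@@ -10,6 +9,8 @@`) the architecture image removed in the first hunk is re-added below the mTLS paragraph with alt text identical to the `_002` image two lines further down ("Miztiik Automation: API Design Best Practice - Mutual TLS authentication for APIs"). Give the relocated `_000` image a distinct alt text that says what it depicts (for example that it is the overall architecture diagram) so the two figures are distinguishable to screen readers and in the rendered README; otherwise the move itself is fine and the surrounding mTLS description is unchanged.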