Mutual TLS (mTLS)
All API People API calls require Mutual TLS (mTLS) to establish a secure, two-way authenticated connection between your application and our servers. Unlike standard TLS, which authenticates only the server, mTLS enforces authentication on both ends of the connection. This ensures that:
- Only verified clients can access API People APIs.
- API People servers are also authenticated by the client.
- Data exchange occurs only between trusted parties.
This approach helps protect sensitive data, prevent impersonation, and block unauthorized access.
How it Works
mTLS uses public key cryptography involving a pair of keys:
- A public key, included in a TLS certificate, and
- A private key, securely held by the certificate owner.
When your client application connects to API People:
- It presents its certificate signed by a Trusted Certificate Authority (CA).
- API People verifies this certificate and, in return, presents its own for your client to verify.
- Only if both parties are validated does the secure connection proceed.
Info: The API People team will provide your mTLS certificates during your onboarding.
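The client side of this handshake using Python's standard ssl module, as an added example that is not API People's own code: the context verifies the server's certificate and hostname, then loads the client certificate and key, and refuses a key file that other users on the machine can read. The function names and the file paths passed in are assumptions.

```python
import os
import ssl
import stat


def key_is_private(key_path):
    """Return True if the private key file is inaccessible to group and others."""
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def server_verifying_context(ca_bundle=None):
    """Client context that authenticates the server (one half of mTLS).

    ca_bundle is an optional CA file (assumption); None uses the system trust store.
    """
    # create_default_context turns on CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_mtls_context(cert_path, key_path, ca_bundle=None):
    """Add the client certificate and key (the other half of mTLS)."""
    if not key_is_private(key_path):
        raise PermissionError(
            f"{key_path} is accessible to group/others; restrict it to the owner"
        )
    ctx = server_verifying_context(ca_bundle)
    # Raises if a file is missing or malformed, or if the key does not
    # match the certificate, so a misconfigured client fails before connecting.
    ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx
```

Pass the returned context to the HTTP client, for example `http.client.HTTPSConnection(host, context=ctx)`.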