What is mutual authentication in API?

Mutual authentication in general (without reference to any particular kind of authenticated identity) means that both parties prove their identity to each other: the client application must authenticate itself to the API (service), and the API must authenticate itself to the client. Ordinary TLS gives you only the second half, because only the server presents a certificate. In mutual TLS (mTLS) the client presents a certificate as well, and the server checks during the handshake that it chains to a certificate authority the server trusts; a client that cannot present such a certificate never gets past the TLS handshake.

Does API gateway support mutual TLS?

Amazon API Gateway supports mutual TLS (mTLS) authentication. You can enable mTLS on custom domain names for regional REST and HTTP APIs at no additional cost. Mutual TLS strengthens the authentication of your API's callers and helps protect your data from attacks such as client spoofing or man-in-the-middle attacks. Keep in mind that mTLS only establishes that the caller holds a certificate issued by a CA you trust; it does not decide what that caller may do, so it is normally combined with API Gateway's other authorization mechanisms (an authorizer can inspect the client certificate's subject and issuer in the request context).

Does API gateway terminate TLS?

Yes. API Gateway terminates the TLS connection, including the mutual TLS handshake, at the custom domain name. Because certificate-based client authentication is integrated into the service, you avoid the cost and operational overhead of managing and scaling a traditional reverse proxy fleet in front of the API just to terminate mutual TLS connections.

How to use mutual TLS for REST API?

To use mutual TLS, create a truststore of X.509 certificates that you trust to access your API: a single PEM-encoded file containing the CA certificates, which you upload to an Amazon S3 bucket and reference from the custom domain name configuration. The certificates can be from public or private certificate authorities. Certificates can have a maximum chain length of four. You can also provide self-signed certificates. Include every intermediate CA in the truststore, since a client certificate whose chain cannot be completed from the truststore is rejected.

How to configure mutual TLS for Amazon API?

To configure mutual TLS, you first create the private certificate authority and the client certificates it issues. Then gather the certificates (the public half, never the private keys) of the root certificate authority and any intermediate certificate authorities. These must be uploaded to API Gateway, in the truststore, so that it can properly validate client certificates during the mutual TLS handshake.

How to authenticate a certificate using mutual TLS?

API Gateway validates the certificate the client presents during the TLS handshake against the truststore: the certificate must chain, through any intermediate CA certificates you included, to a certificate in the truststore, and it must be within its validity period. The truststore therefore needs the root certificate authority's certificate and those of any intermediate certificate authorities; the private keys of those CAs stay with the CA and are never uploaded. OpenSSL is a common way to create the certificate authority and client certificate.
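As an added example (not code from the original page, and not AWS's own sample), the shell script below builds the private CA described above with OpenSSL, issues a client certificate from an intermediate CA, assembles the truststore PEM, and runs the same chain check API Gateway performs during the handshake. It also issues a certificate with the same subject name from an unrelated CA to show that it is rejected, and checks a client certificate against a truststore that lacks the intermediate to show why intermediates must be included. The subject names, file names, S3 bucket, domain name and the ACM certificate variable are assumptions; the AWS CLI calls appear only as comments so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original page or from AWS): build a private CA with
# OpenSSL, issue a client certificate, assemble the API Gateway truststore, and
# check which certificates chain to it. Names, paths, bucket and domain are assumed.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for keys, CSRs and certs

# Minimal OpenSSL config so the script does not depend on the system openssl.cnf.
# Sections v3_root / v3_int / v3_client hold the extensions for each cert type.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_int]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[v3_client]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF

# new_key_and_csr NAME CN : P-256 private key plus CSR for NAME.
new_key_and_csr() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -config "$WORK/req.cnf" -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# self_signed_ca NAME CN : a root CA (its key would stay offline in practice).
self_signed_ca() {
  new_key_and_csr "$1" "$2"
  openssl x509 -req -days 3650 -in "$WORK/$1.csr" -signkey "$WORK/$1.key" \
    -extfile "$WORK/req.cnf" -extensions v3_root -out "$WORK/$1.crt" 2>/dev/null
}

# issue NAME CN ISSUER SECTION : certificate for NAME signed by ISSUER's key.
issue() {
  new_key_and_csr "$1" "$2"
  openssl x509 -req -days 365 -in "$WORK/$1.csr" \
    -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" -CAcreateserial \
    -extfile "$WORK/req.cnf" -extensions "$4" -out "$WORK/$1.crt" 2>/dev/null
}

make_pki() {
  self_signed_ca root "Example Private Root CA"
  issue int "Example Issuing CA" root v3_int        # intermediate, pathlen:0
  issue client "client-app-01" int v3_client        # the cert a caller presents
  # Truststore = CA certificates only (root + intermediate), never private keys.
  cat "$WORK/root.crt" "$WORK/int.crt" > "$WORK/truststore.pem"
  # Same subject name, but issued by a CA that is not in the truststore.
  self_signed_ca rogue_root "Unrelated CA"
  issue rogue_client "client-app-01" rogue_root v3_client
}

# The check API Gateway applies in the handshake: does CERT chain, through the
# intermediates in TRUSTSTORE, to a root in TRUSTSTORE, and is it a TLS client cert?
verify_client_cert() {
  openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

# Number of certificates in a PEM bundle (API Gateway caps chain length at four).
count_certs() {
  grep -c 'BEGIN CERTIFICATE' "$1"
}

main() {
  make_pki
  verify_client_cert "$WORK/truststore.pem" "$WORK/client.crt" \
    && echo "client.crt: accepted (chains to truststore)"
  verify_client_cert "$WORK/truststore.pem" "$WORK/rogue_client.crt" \
    || echo "rogue_client.crt: rejected (same CN, untrusted issuer)"
  verify_client_cert "$WORK/root.crt" "$WORK/client.crt" \
    || echo "client.crt vs root only: rejected (intermediate missing from truststore)"
  echo "truststore.pem holds $(count_certs "$WORK/truststore.pem") CA certificates"
  # Publish the truststore and bind it to the custom domain. Assumed bucket, domain
  # and ACM certificate; shown as comments so the script runs offline:
  #   aws s3 cp "$WORK/truststore.pem" s3://example-truststore-bucket/truststore.pem
  #   aws apigateway create-domain-name --domain-name api.example.com \
  #     --regional-certificate-arn "$ACM_CERT_ARN" \
  #     --endpoint-configuration types=REGIONAL --security-policy TLS_1_2 \
  #     --mutual-tls-authentication truststoreUri=s3://example-truststore-bucket/truststore.pem
}

main "$@"
```

Once the truststore is bound to the domain, a client calls the API with its certificate and key, for example `curl --cert client.crt --key client.key https://api.example.com/prod/resource` (assumed domain and path). A call without a certificate, or with one that does not chain to the truststore, fails in the TLS handshake before any authorizer or backend runs.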

Can a custom domain name use mutual TLS?

You can enable mutual TLS for a custom domain name, and then provide the custom domain name to clients. To access an API by using a custom domain name that has mutual TLS enabled, clients must present certificates that you trust in API requests. Because the certificate check is tied to the custom domain name, also disable the API's default execute-api endpoint; otherwise a caller can reach the same API through that endpoint without presenting a certificate.