Securing your APIs with one-way TLS or mutual TLS
If you want to secure your APIs over a public network, use mutual TLS or one-way TLS. One-way TLS authentication creates a truststore on the API Cloud and a keystore on the server. Two-way authentication creates a truststore and a keystore on both the API Cloud and the server.
Keystores : Contains an TLS certificate and private key used to identify the entity during TLS handshaking. When you create the keystore and upload the TLS cert, you specify an alias name used to reference the cert/key pair.
Truststores: Contains certificates used to verify certificates received as part of TLS handshaking. It is used when you have to validate self-signed certificates received from the TLS server, or certificates that are not signed by a trusted [CA refers to certificate authority. A certificate authority (CA) is an organization that acts to validate identities and bind them to cryptographic key pairs with digital certificates.**. It is also required when performing two-way TLS when Edge acts as the TLS server. API Cloud v2.0 provide self-serviceable APIs to manage certificates in the truststore.
If you are a first time user, click here.
(or)
If you have already uploaded the certificates to a truststore assigned to your team, but looking for other information like updating the certificates see Managing Certificates section.
For publishing private APIs using the CI/CD pipeline, see Enabling one-way TLS or mutual TLS using the CI/CD workflow.