Authentication Methods

Implement robust security for your REST API using a combination of authentication methods, including JWT (JSON Web Tokens), mutual TLS (mTLS), and HTTP-based API keys.

JSON Web Tokens (JWT):

  • Enhanced API Security: JWTs add an extra layer of security by ensuring that each request is properly authenticated.
  • CloudHSM Requirement: JWT authentication is mandatory when integrating with CloudHSM, ensuring secure communication and access control. (It is also possible to add mTLS authentication; contact Support.)
  • Flexible Implementation: For on-premise deployments, JWTs are optional but recommended when not using mTLS to bolster security and maintain consistency across environments.
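The "properly authenticated" point above rests on the relying party actually validating each token: pinning the algorithm, checking the signature in constant time, and enforcing exp, nbf and aud. The following is an added example of those checks, not Securosys code; it assumes HS256 with a shared secret and a constructed test token, since the page does not state which algorithm or claims the service uses.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_hs256(claims: dict, secret: bytes) -> str:
    # Mints a test token (constructed for this example; a real issuer would sign server-side).
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_jwt(token: str, secret: bytes, audience: str, now: Optional[float] = None) -> dict:
    """Return the claims if the token is acceptable for this API, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error and JSONDecodeError as well
        raise ValueError("malformed token")
    # Pin the algorithm: the token's own "alg" header must never select the verifier
    # (this is what defeats "alg": "none" and key-confusion tokens).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    # Time and audience checks: a valid signature alone is not enough.
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    if now < claims.get("nbf", 0):
        raise ValueError("not yet valid")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    return claims
```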

Mutual TLS (mTLS):

  • Bidirectional Authentication: mTLS offers a robust security mechanism by requiring both the client and server to authenticate each other, ensuring only trusted entities can interact with your API.
  • Comprehensive Client Validation: Optionally, an OCSP-Responder can be configured to validate client certificates in real-time, granting you full control over client authentications and enhancing the integrity of your API ecosystem.
  • Implementation Guide: For a detailed setup process, please refer to our mTLS configuration guide. For additional support, reach out to Securosys Support.

API Keys:

API keys provide a role-based approach to manage access to various functionalities, ensuring that operations related to key management, key usage, Smart Key Attribute approvals, and service endpoints are properly segregated. This helps maintain security and control over who can perform different actions within the system.