Designing A 2-Way SSL RESTful API
Posted
by
Mithir
on Programmers
See other posts from Programmers
or by Mithir
Published on 2012-06-03T09:06:57Z
Indexed on
2012/06/03
10:47 UTC
Read the original article
Hit count: 427
I am starting to develop a WCF API, which should serve some specific clients.
We don't know which devices will be using the API so I thought that using a RESTful API will be the most flexible choice.
All devices using the API would be authenticated using an SSL certificate (client side certificate), and our API will have a certificate as well ( so its a 2 Way SSL)
I was reading this question over SO, and I saw the answers about authentication using Basic-HTTP or OAuth, but I was thinking that in my case these are not needed, I can already trust the client because it possesses the client-side certificate.
Is this design ok? Am I missing anything?
Maybe there's a better way of doing this?
© Programmers or respective owner