Designing A 2-Way SSL RESTful API

Posted by Mithir on Programmers See other posts from Programmers or by Mithir
Published on 2012-06-03T09:06:57Z Indexed on 2012/06/03 10:47 UTC
Read the original article Hit count: 427

Filed under:
|
|
|
|

I am starting to develop a WCF API, which should serve some specific clients.

We don't know which devices will be using the API so I thought that using a RESTful API will be the most flexible choice.

All devices using the API would be authenticated using an SSL certificate (client side certificate), and our API will have a certificate as well ( so its a 2 Way SSL)

I was reading this question over SO, and I saw the answers about authentication using Basic-HTTP or OAuth, but I was thinking that in my case these are not needed, I can already trust the client because it possesses the client-side certificate.

Is this design ok? Am I missing anything?

Maybe there's a better way of doing this?

© Programmers or respective owner

Related posts about api

Related posts about rest