Designing A 2-Way SSL RESTful API
- by Mithir
I am starting to develop a WCF API, which should serve some specific clients.
We don't know which devices will be using the API, so I thought that using a RESTful API will be the most flexible choice.
All devices using the API would be authenticated using an SSL certificate (client-side certificate), and our API will have a certificate as well (so it's a 2-way SSL).
I was reading this question over on SO, and I saw the answers about authentication using Basic-HTTP or OAuth, but I was thinking that in my case these are not needed; I can already trust the client because it possesses the client-side certificate.
Is this design ok?
Am I missing anything?
Maybe there's a better way of doing this?