Mutual Transport Layer Security
Overview
Mutual Transport Layer Security (mTLS) is an enhanced form of the standard TLS protocol, ensuring that both servers authenticate and validate each other’s identities.
All API requests made over mTLS use the following unique domains for each of Knot’s environments:
Environment | Domain |
---|---|
Development | https://mtls.development.knotapi.com |
Production | https://mtls.production.knotapi.com |
Enabling mTLS
To enable mTLS, follow the steps below.
Generate a private key and corresponding CSR
Use your preferred method to generate a private key and corresponding that meets the following requirements:
- The CSR uses RSA 2048 as the key algorithm.
- The CSR uses SHA2-256 as the hash algorithm.
- The Common Name (CN) attribute is assigned to your
client_id
.
Below is an example using OpenSSL:
Ensure you keep the private key secure as it will be used later in API requests.
Provide the CSR to Knot
Forward the CSR file to Knot and request that it be activated for your client_id
. You’ll promptly receive a client certificate signed by Knot. This certificate, in conjunction with your private key, will serve as the authentication mechanism for interacting with the API.
Confirm mTLS is enabled
Receive the client certificate from signed by Knot and confirm that mTLS is enabled for a given environment.
Access the API over mTLS
Make all requests to the API with your client_id
over mTLS. Attach the client.cert
and client.key
in your HTTP client.
Environment | Domain |
---|---|
Development | https://mtls.development.knotapi.com |
Production | https://mtls.production.knotapi.com |