Overview

Mutual Transport Layer Security (mTLS) is an enhanced form of the standard TLS protocol, ensuring that both servers authenticate and validate each other’s identities.

All API requests made over mTLS use the following unique domains for each of Knot’s environments:

EnvironmentDomain
Developmenthttps://mtls.development.knotapi.com
Productionhttps://mtls.production.knotapi.com

Enabling mTLS

To enable mTLS, follow the steps below.

1

Generate a private key and corresponding CSR

Use your preferred method to generate a private key and corresponding that meets the following requirements:

  1. The CSR uses RSA 2048 as the key algorithm.
  2. The CSR uses SHA2-256 as the hash algorithm.
  3. The Common Name (CN) attribute is assigned to your client_id.

Below is an example using OpenSSL:

openssl req \
    -new -sha256 -newkey rsa:2048 -nodes \
    -subj '/CN=[client_id]' \
    -keyout client.key -out client.req

Ensure you keep the private key secure as it will be used later in API requests.

2

Provide the CSR to Knot

Forward the CSR file to Knot and request that it be activated for your client_id. You’ll promptly receive a client certificate signed by Knot. This certificate, in conjunction with your private key, will serve as the authentication mechanism for interacting with the API.

3

Confirm mTLS is enabled

Receive the client certificate from signed by Knot and confirm that mTLS is enabled for a given environment.

4

Access the API over mTLS

Make all requests to the API with your client_id over mTLS. Attach the client.cert and client.key in your HTTP client.

EnvironmentDomain
Developmenthttps://mtls.development.knotapi.com
Productionhttps://mtls.production.knotapi.com