Overview

All API requests made over mTLS use the following unique domains for each of Knot’s environments:

Environment   Domain
Development   https://mtls.development.knotapi.com
Production    https://mtls.production.knotapi.com

Enabling mTLS

To enable mTLS, follow the steps below.
1. Generate a private key and corresponding CSR

Use your preferred method to generate a private key and corresponding CSR that meets the following requirements:
  1. The CSR uses RSA 2048 as the key algorithm.
  2. The CSR uses SHA2-256 as the hash algorithm.
  3. The Common Name (CN) attribute is set to your client_id.
Below is an example using OpenSSL:
openssl req \
    -new -sha256 -newkey rsa:2048 -nodes \
    -subj '/CN=[client_id]' \
    -keyout client.key -out client.req
Ensure you keep the private key secure as it will be used later in API requests.
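
A check you can run on the CSR before forwarding it, as an added example that is not part of Knot's documentation. The function name check_csr and its messages are hypothetical; it parses `openssl req` output and tests the three requirements listed above.

```sh
# check_csr CSR_FILE CLIENT_ID   (hypothetical helper, not a Knot tool)
# Exit status 0 only when the CSR meets all three requirements above.
check_csr() {
    csr_file=$1
    want_cn=$2
    rc=0

    # Dump the parsed CSR; a non-zero exit means the file is not a CSR.
    csr_text=$(openssl req -in "$csr_file" -noout -text 2>/dev/null) || {
        echo "FAIL: $csr_file is not a readable CSR"
        return 1
    }

    # Requirement 1: RSA key, 2048 bits. OpenSSL 1.1.1 prints
    # "RSA Public-Key:", OpenSSL 3.x prints "Public-Key:".
    printf '%s\n' "$csr_text" |
        grep -Eq '^ *Public Key Algorithm: rsaEncryption' || {
        echo "FAIL: key algorithm is not RSA"; rc=1; }
    printf '%s\n' "$csr_text" |
        grep -Eq '^ *(RSA )?Public-Key: \(2048 bit\)' || {
        echo "FAIL: key size is not 2048 bits"; rc=1; }

    # Requirement 2: the CSR is signed with SHA-256.
    printf '%s\n' "$csr_text" |
        grep -Eq '^ *Signature Algorithm: sha256WithRSAEncryption' || {
        echo "FAIL: signature hash is not SHA-256"; rc=1; }

    # Requirement 3: CN equals the client_id. The multiline name format
    # prints one attribute per line, so commas in values are harmless.
    got_cn=$(openssl req -in "$csr_file" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p')
    [ "$got_cn" = "$want_cn" ] || {
        echo "FAIL: CN is '$got_cn', expected '$want_cn'"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $csr_file meets the CSR requirements"
    return "$rc"
}
```

Call it as `check_csr client.req <your client_id>` after running the OpenSSL command above.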
2. Provide the CSR to Knot

Forward the CSR file to Knot and request that it be activated for your client_id. You’ll promptly receive a client certificate signed by Knot. This certificate, in conjunction with your private key, will serve as the authentication mechanism for interacting with the API.
3. Confirm mTLS is enabled

Receive the client certificate signed by Knot and confirm that mTLS is enabled for a given environment.
4. Access the API over mTLS

Make all requests to the API with your client_id over mTLS. Attach the client.cert and client.key in your HTTP client.

Environment   Domain
Development   https://mtls.development.knotapi.com
Production    https://mtls.production.knotapi.com