Mutual authentication in IBM APIC Suite 2018
Abstract: To authenticate a subscribed application (app) API call using Mutual Authentication (mTLS) with the DataPower API Gateway 2018.
Changes between IIB V10 and IBM App Connect Enterprise Toolkit 18.104.22.168
1. Mutual authentication works by client and a server performing a handshake. The part of SSL/TLS protocol, two applications can authenticate each other for secure message sending and receiving.
2. API send is SSL server certificate, API consumer ssl client stack receives and ssl certificate and validates it.
3. Client app sends its client certificate and API receives client certificate and validates it.
4. Authentication credential can be central revoked
5. Provides identify verification through secret private keys.
6. Certificates can be used for many purposes such as login access the server
1. TLS Profile in DataPower gateway
2. Register an application for mTLS in Developer Portal
3. Enable API Application Authentication in V2018.