TLS (formerly SSL) is the standard protocol for verifying a server’s identity and encrypting communication.
In traditional TLS:
  • The server sends its certificate.
  • The client verifies it against a trusted Certificate Authority (CA).
  • The client then trusts that the server is genuine.
Mutual TLS (mTLS) extends this by requiring both sides to present certificates. With mTLS:
  • The client sends its own certificate, signed by a trusted CA.
  • The server verifies this certificate and checks that the client controls the private key associated with it.
This provides strong, cryptographic proof that the request is coming from a trusted system.
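
The server-side checks described above, as an added Go example (not code from this page or the service it documents): a local test API that requires a client certificate issued by one trusted CA and reports the verified certificate's common name. The CA, the client name `billing-prod` and the `X-Client-CN` header are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue returns a constructed one-hour Ed25519 certificate for cn; a nil ca yields a self-signed CA.
func issue(cn string, ca *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: ca == nil,
		Subject: pkix.Name{CommonName: cn}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if ca == nil {
		ca = &tls.Certificate{Leaf: tpl, PrivateKey: key} // the root signs itself
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, ca.Leaf, pub, ca.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// call starts a test API that accepts only clients certified by trusted, then calls it as client.
func call(trusted, client tls.Certificate) (*http.Response, error) {
	pool := x509.NewCertPool()
	pool.AddCert(trusted.Leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Client-CN", r.TLS.PeerCertificates[0].Subject.CommonName) // verified identity
	}))
	srv.TLS = &tls.Config{ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}
	srv.StartTLS()
	defer srv.Close()
	hc := srv.Client() // already trusts the test server's own certificate
	// Present client unconditionally so that the server, not the client, makes the decision.
	hc.Transport.(*http.Transport).TLSClientConfig.GetClientCertificate =
		func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return &client, nil }
	return hc.Get(srv.URL)
}

func main() {
	ca := issue("constructed-client-ca", nil)
	_, err := call(ca, issue("billing-prod", &ca))
	println("request rejected:", err != nil)
}
```

`call` returns an error when the client presents a certificate from a different CA, presents no certificate, or pairs a trusted certificate with a private key that does not match it, because the server rejects the handshake in each case.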

Why mTLS?

Servers that can call our APIs operate with high privilege.
mTLS ensures that:
  • Only systems you explicitly trust can connect to us.
  • Each client environment can have its own certificate, improving auditability.
  • Private keys stay entirely under your control; we never see them.
This approach supports a Zero Trust Architecture (ZTA), where no system is implicitly trusted and every request must be identified, authenticated, and authorized.