Hacker News new | comments | show | ask | jobs | submit login

Does anyone know of a good reason not to use TLS with client-side certificates (and you as the CA) for API authentication?

It can become a pain to manage from the server side (issuing new ones &c), but technically they're pretty nice. The company I used to work for used them for their api.

Yeah, limited library support for client certs.

Let's fix that...

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact