Hacker Newsnew | comments | show | ask | jobs | submit login

Does anyone know of a good reason not to use TLS with client-side certificates (and you as the CA) for API authentication?

It can become a pain to manage from the server side (issuing new ones &c), but technically they're pretty nice. The company I used to work for used them for their api.


Yeah, limited library support for client certs.


Let's fix that...


Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact