Hacker Newsnew | comments | show | ask | jobs | submit login

Does anyone know of a good reason not to use TLS with client-side certificates (and you as the CA) for API authentication?



It can become a pain to manage from the server side (issuing new ones &c), but technically they're pretty nice. The company I used to work for used them for their api.

-----


Yeah, limited library support for client certs.

-----


Let's fix that...

-----




Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: