Skip to main content





Secure Rest APIs with client side authentication

  • Edit
    Collaborate with us
    Edit this page on GitHub
  • To secure a consumed REST APIs with authentication via client side certificates you’ll need to send the client side certificate on the request to the server.

    Configuring your application

    This can be achieved with the use of the REST Extensibility API:

    1. Create an extension and develop application code to use the client-side certificate.
    2. In the extension you'll need to include the installation path of your client certificates:
      • For OutSystems cloud, check this document on how to request the certificate installation and obtain the path from OutSystems Support.
      • For self-managed environments, check here for the instructions to install the certificate.
    3. Customize the request with the OnBeforeRequest property of your REST API before making the web request call.
    4. If necessary, force the usage of a specific TLS version by using ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType. Check the code sample for details on the SetTLSVersion action. This might necessary when connecting to legacy servers.

    Sample code

    An example of this implementation is available at OutSystems Forge, on the HTTPS Consumer component that already reflects the actions above.

    • Was this article helpful?