Secure Rest APIs with client side authentication
Collaborate with us
Edit this page on GitHub
To secure a consumed REST APIs with authentication via client side certificates you’ll need to send the client side certificate on the request to the server.
Configuring your application
This can be achieved with the use of the REST Extensibility API:
- Create an extension and develop application code to use the client-side certificate.
- In the extension you'll need to include the installation path of your client certificates:
- For OutSystems cloud, check this document on how to request the certificate installation and obtain the path from OutSystems Support.
- For self-managed environments, check here for the instructions to install the certificate.
- Customize the request with the OnBeforeRequest property of your REST API before making the web request call.
- If necessary, force the usage of a specific TLS version by using
ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType
. Check the code sample for details on the SetTLSVersion action. This might necessary when connecting to legacy servers.
Sample code
An example of this implementation is available at OutSystems Forge, on the HTTPS Consumer component that already reflects the actions above.