Secure your APIs: JWT or mTLS or both?
Access to an API should be authorized on the basis of cryptographically secured identities. Only then can the caller be identified clearly and securely, and that identification is what an authorization check inside the API has to rest on. This is the foundation of robust and secure API communication.
JSON Web Token (JWT) and mutual TLS (mTLS) are the two technologies available for this purpose, and a combination of both can also be useful. It is important to understand the basic purpose each is suited to: JWT for authentication, mTLS for secure and verified communication.
After an explanation of both technologies and their respective areas of application, their requirements, advantages and disadvantages are weighed against each other. The synergy of JWT and mTLS is also explained and analysed in detail. The aim of the session is to enable a better judgement of when to use one of the two technologies, or a mix of both, to reach a higher level of API security.
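The combination the abstract refers to has a standard form, certificate-bound access tokens (RFC 8705): the token carries the SHA-256 thumbprint of the client certificate in its `cnf` claim, and the API accepts it only over an mTLS connection that presented that same certificate, so a stolen token is useless without the matching private key. The Python below is an added example, not code from the session; it uses an HMAC-signed JWT and constructed stand-in bytes for the key and the DER certificate.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo material (not real key or certificate bytes).
API_HMAC_KEY = b"constructed-demo-key-do-not-use-in-production"
CLIENT_CERT_DER = b"constructed-der-bytes-standing-in-for-a-client-certificate"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def cert_thumbprint(cert_der: bytes) -> str:
    # RFC 8705 binds a token to the base64url SHA-256 of the DER certificate.
    return b64url(hashlib.sha256(cert_der).digest())


def issue_token(sub: str, cert_der: bytes) -> str:
    # Token server: record the client certificate thumbprint in the cnf claim.
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "cnf": {"x5t#S256": cert_thumbprint(cert_der)}}
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(API_HMAC_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_bound_token(token: str, presented_cert_der: bytes) -> Optional[dict]:
    # API side: check the signature first, then check that the token is bound
    # to the certificate the mTLS handshake actually presented.
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        return None  # accept only the algorithm we expect, never what the token announces
    expected = hmac.new(API_HMAC_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    claims = json.loads(b64url_decode(payload))
    bound = claims.get("cnf", {}).get("x5t#S256")
    if not isinstance(bound, str):
        return None  # unbound token: refuse rather than fall back to bearer semantics
    if not hmac.compare_digest(bound.encode(), cert_thumbprint(presented_cert_der).encode()):
        return None  # valid signature but replayed over a different client certificate
    return claims
```

In a real deployment `presented_cert_der` comes from the TLS layer (for example the peer certificate exposed by the reverse proxy or server framework), and the signature check would use the token issuer's public key rather than a shared HMAC secret.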
DevOpsCon