Advantages and Disadvantages of Client Side Certificates

by Giulio Delgado.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on apis and web feeds  

You are here: Categories » Internet » APIs and Web Feeds

The API server can generate a certificate and provide it to the client via a secure channel before any requests are made. This certificate is then used in the authentication process; this confirms the identity of both the client and server before requests are made. Although this method provides the greatest level of security (barring a dedicated VPN connection, which won't be covered here), it also has the most strenuous requirements on both sides: not all modules (say, NuSOAP) can handle client-side certificates.

Advantages:

  • Identity confirmed — Both the server and the client can be sure of who they are communicating with.

  • Encryption — Both the request and the response are protected from intermediate prying eyes.

Disadvantages:

  • Increased load — Encrypting and decrypting communications is noticeably more CPU-intensive than unencrypted communications. Every request requires additional back and forth communications to set up the secure socket.

  • Additional server requirements — The server must create a unique client certificate for each client that wishes to access the API. These APIs must be created and stored in a secure location and transmitted to the client via a secure channel.

Client-side certificates are as good as it gets in terms of API security; both the server and client are assured of the other's identity. Just like using an SSL endpoint, client-side certificates stack well with either HTTP authentication or message-based authentication. As with all forms of security, this increased level of security comes with a price: additional CPU load for both the client and the server, and the elimination of several useful client-side tools for interacting with the API.

Share
Leave a comment or ask a question
Total comments: 0

APIs and Web Feeds Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Advantages and Disadvantages of SSL ~ API related - Configuring your web server to present the API over an SSL connection adds protection for both the request and response bodies, while requiring little to no additional coding for the API. Remember (more...)
REST API vs SOAP API technology - The two primary architectures for APIs are REST and SOAP. When creating your API, you really have three options: REST, SOAP, or both. REST APIs are known for being easy and quick to develop for, bu (more...)
How to implement the SOAP technology - Like REST, implementing SOAP involves both generating requests and then handling the response. Whereas handling the SOAP response is similar to the REST result, generating the SOAP request is quite (more...)
Advantages and Disadvantages of Open API - Under an open API, absolutely no security or authentication methods are used. A query is received from the wild, and the system makes its best effort to respond to it appropriately. This has severa (more...)
Common API Performance Techniques - Websites are designed to be accessed by individuals, and as such tend to rely on the relatively slow speed of the user to avoid any performance bottlenecks. This technique fails miserably wi (more...)
Introduction to Web APIs ~ REST vs SOAP - When interacting with web services, generally the choice of which method to use will be made for you. The majority of services operate in either REST or SOAP, not both (Amazon is a notable exceptio (more...)
What are Feeds ~ RSS and ATOM Feed Specifications - You can think of feeds as small modules of information that can be plugged into existing websites, consumed by clients on their desktop, or consumed by aggregators to be presented by users with oth (more...)
Important Considerations When Using Feeds - XML feeds provide a great resource of information, but their use is not without its own special considerations. Security and legal concerns go hand in hand whether you are producing or consuming (more...)
How to implement the REST technology - There are two sides to this tale, the first is how to generate legitimate REST requests, and the second is how to handle the responses correctly. Generating Requests When i (more...)
Why Do You Need to Produce Feeds - Feeds have several advantages, primarily related to consumption, over traditional HTML formats. Many desktop applications are devoted to reading feeds at regular intervals, and many of the new batc (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.