Designing A 2-Way SSL RESTful API

Posted by Mithir on Programmers See other posts from Programmers or by Mithir
Published on 2012-06-03T09:06:57Z Indexed on 2012/06/03 10:47 UTC
Read the original article Hit count: 390

Filed under:

api

|

rest

|

wcf

|

api-design

|

ssl

I am starting to develop a WCF API, which should serve some specific clients.

We don't know which devices will be using the API so I thought that using a RESTful API will be the most flexible choice.

All devices using the API would be authenticated using an SSL certificate (client side certificate), and our API will have a certificate as well ( so its a 2 Way SSL)

I was reading this question over SO, and I saw the answers about authentication using Basic-HTTP or OAuth, but I was thinking that in my case these are not needed, I can already trust the client because it possesses the client-side certificate.

Is this design ok? Am I missing anything?

Maybe there's a better way of doing this?

© Programmers or respective owner

Related posts about api

Where does ASP.NET Web API Fit?

as seen on West-Wind - Search for 'West-Wind'
With the pending release of ASP.NET MVC 4 and the new ASP.NET Web API, there has been a lot of discussion of where the new Web API technology fits in the ASP.NET Web stack. There are a lot of choices to build HTTP based applications available now on the stack - we've come a long way from when WebForms… >>> More
An Introduction to ASP.NET Web API

as seen on West-Wind - Search for 'West-Wind'
Microsoft recently released ASP.NET MVC 4.0 and .NET 4.5 and along with it, the brand spanking new ASP.NET Web API. Web API is an exciting new addition to the ASP.NET stack that provides a new, well-designed HTTP framework for creating REST and AJAX APIs (API is Microsoft’s new jargon for a service… >>> More
Introduction to the ASP.NET Web API

as seen on Stephen Walter - Search for 'Stephen Walter'
I am a huge fan of Ajax. If you want to create a great experience for the users of your website – regardless of whether you are building an ASP.NET MVC or an ASP.NET Web Forms site — then you need to use Ajax. Otherwise, you are just being cruel to your customers. We use Ajax extensively in… >>> More
Introduction to the ASP.NET Web API

as seen on Stephen Walter - Search for 'Stephen Walter'
I am a huge fan of Ajax. If you want to create a great experience for the users of your website – regardless of whether you are building an ASP.NET MVC or an ASP.NET Web Forms site — then you need to use Ajax. Otherwise, you are just being cruel to your customers. We use Ajax extensively in… >>> More
How can I setup dependencies for Axis2 / Axiom on Maven2

as seen on Stack Overflow - Search for 'Stack Overflow'
I've tried the following settings on pom.xml to use Axis2 wsdl2code: <dependencies> <dependency> <groupId>org.apache.axis2</groupId> <artifactId>axis2</artifactId> <version>1.5.1</version> </dependency> </dependencies> ... <build> … >>> More

Related posts about rest

REST: How to store and reuse REST call queries

as seen on Programmers - Search for 'Programmers'
I'm learning C# by programming a real monstrosity of an application for personal use. Part of my application uses several SPARQL queries like so: const string ArtistByRdfsLabel = @" PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> SELECT… >>> More
REST Framework - MS Web Api vs the rest of the field

as seen on Programmers - Search for 'Programmers'
I am a .NET developer who is looking into the OSS world for a REST framework similar to Microsoft's Web Api. I'll be starting a personal project soon and need to develop both a web site and an API with the API coming first. I've ruled out Ruby on Rails just because I feel that with my background… >>> More
Self Hosted WCF REST Service or Hosting WCF REST Service in Console Application

as seen on C# Corner - Search for 'C# Corner'
n this article, I will show you How to create a REST based service, How to host a REST,based service in Console application and How to consume a REST Service at client. >>> More
Trouble determining proper decoding of a REST response from an ArcGIS REST service using IHttpModule

as seen on Stack Overflow - Search for 'Stack Overflow'
First a little background on what I am trying to achieve. I have an application that is utilizing REST services served by ArcGIS Server and IIS7. The REST services return data in one of several different formats. I am requesting a JSON response. I want to be able to modify the response (remove… >>> More
WCF REST on .Net 4.0

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
A simple and straight forward article taken from: http://christopherdeweese.com/blog2/post/drop-the-soap-wcf-rest-and-pretty-uris-in-net-4 Drop the Soap: WCF, REST, and Pretty URIs in .NET 4 Years ago I was working in libraries when the Web 2.0 revolution began. One of the things that caught… >>> More