Posted On: Sep 17, 2020

Amazon API Gateway now supports mutual TLS (mTLS) authentication. Customers can now enable mTLS on custom domain names for regional REST and HTTP APIs at no additional cost. Mutual TLS enhances the security of your API and helps protect your data from attacks such as client spoofing or man-in-the middle attacks.  

Historically, API Gateway has supported one-way TLS to ensure that API clients are able to verify API Gateway’s identity by validating its public certificate. With this new feature, customers can now configure a custom domain name to enforce two-way TLS or mTLS which enables certificate-based authentication both ways: client-to-server and server-to-client. This helps you comply with security requirements for your Open Banking solution or easily authenticate devices in an IOT solution.

This new feature is generally available in all regions where API Gateway is available, including Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more, you can read the documentation. For more information about Amazon API Gateway, visit our product page.