Update mTLS Settings
Overview
Updates mTLS (mutual TLS) settings for an API proxy. mTLS settings configure client certificate authentication for backend connections.
Endpoint
PATCH /apiops/projects/{projectName}/apiProxies/{apiProxyName}/settings/mtls/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
Request Body
Full JSON Body Example
{
"enabled": true,
"keyStoreId": "keystore-id-123",
"trustStoreId": "truststore-id-456",
"supportedProtocolList": [
"TLS_1_2",
"TLS_1_3"
],
"hostnameVerifierType": "STRICT"
}
Request Body Fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| enabled | boolean | No | false | Enable/disable mTLS |
| keyStoreId | string | No* | - | KeyStore ID (required if enabled=true) |
| trustStoreId | string | No | - | TrustStore ID (optional, for server certificate validation) |
| supportedProtocolList | array | No | [] | List of supported TLS/SSL protocols |
| hostnameVerifierType | string | No | NOOP | Hostname verifier type |
EnumSSLContextProtocolType
TLS_1_3- TLS 1.3 (Java name: “TLSv1.3”)TLS_1_2- TLS 1.2 (Java name: “TLSv1.2”)TLS_1_1- TLS 1.1 (Java name: “TLSv1.1”)TLS_1_0- TLS 1.0 (Java name: “TLSv1”)SSL_3_0- SSL 3.0 (Java name: “SSLv3”)
Note: If supportedProtocolList is empty, all protocols are supported.
EnumHostnameVerifierType
NOOP- No hostname verification (not recommended for production)DEFAULT- Default hostname verification (RFC 2818, RFC 6125)STRICT- Strict hostname verification (exact match required)BROWSER_COMPAT- Browser-compatible hostname verification (allows wildcards)
Note: All fields are optional. Only provided fields are updated.
Response
Success Response (200 OK)
{
"success": true
}
Response Fields
| Field | Type | Description |
|---|---|---|
| success | boolean | Indicates if the request was successful |
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "KeyStore ID is required when mTLS is enabled"
}
Error Response (401 Unauthorized)
{
"error": "unauthorized_client",
"error_description": "Invalid token"
}
Error Response (404 Not Found)
{
"error": "not_found",
"error_description": "ApiProxy (name: MyAPI) was not found!"
}
cURL Example
Example 1: Enable mTLS with KeyStore and TrustStore
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/mtls/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"enabled": true,
"keyStoreId": "keystore-id-123",
"trustStoreId": "truststore-id-456",
"supportedProtocolList": ["TLS_1_2", "TLS_1_3"],
"hostnameVerifierType": "STRICT"
}'
Example 2: Enable mTLS with KeyStore Only
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/mtls/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"enabled": true,
"keyStoreId": "keystore-id-123",
"supportedProtocolList": ["TLS_1_2"],
"hostnameVerifierType": "DEFAULT"
}'
Notes and Warnings
- KeyStore: Required when
enabled=true. Contains client certificate and private key - TrustStore: Optional. Contains trusted server certificates for validation
- Protocols: If empty, all protocols are supported. Recommended:
["TLS_1_2", "TLS_1_3"] - Hostname Verification:
NOOPdisables verification (security risk). UseSTRICTorDEFAULTfor production - Connection Pool: When mTLS is enabled, connection pools are disabled
- KeyStore/TrustStore: Must be created/uploaded before use (via KeyStore Management API)
- Permissions: Requires
ROLE_MANAGE_PROXIESpermission
Related Documentation
- Update NTLM Settings - Update NTLM settings
- Update Connection Settings - Update connection settings
- Get API Proxy - Get API proxy details