API mutual TLS

Learn about the prerequisites for setting up enterprise API mTLS

Enabling API mTLS

If you wish to use mTLS when talking to our APIAPI A set of rules and protocols that allows different software applications to communicate with each other. Codat provides APIs for accessing financial data from accounting, banking, and commerce platforms., speak to your account manager.

Mutual TLS (mTLS) is available to our enterprise clients as a mutual authentication method when calling our APIAPI A set of rules and protocols that allows different software applications to communicate with each other. Codat provides APIs for accessing financial data from accounting, banking, and commerce platforms.. mTLS ensures that the parties at each end of a network connectionConnection A link between a Codat company and a data source (like an accounting platform). Each connection represents authorized access to pull or push data from that platform. are who they claim to be. To confirm this, the parties' private cryptographic keys are verified. The information within their respective TLS certificates provides additional verification.

Additional resources

For more information on mTLS and its core concepts, see:

• What is mutual authentication?
• What is a cryptographic key?
• What is an SSL certificate?

Codat can provision our enterprise customers with client certificates to enable mTLS communication with a client or clients. Once this has been issued and enabled on a particular client, all APIAPI A set of rules and protocols that allows different software applications to communicate with each other. Codat provides APIs for accessing financial data from accounting, banking, and commerce platforms. requests on behalf of the configured client must include the public certificate and an x-codat-client: GUID HTTP request header.