API Authentication Methods
The TSB supports three different authentication methods:
- JWT tokens
- Mutual TLS (mTLS)
- Traditional API keys
Using these methods, you can control access to the REST API. The methods can be combined, for example to require both mTLS and an API key.
For configuration instructions, please follow the links above. JWT is currently not available for on-premise TSB deployments.
Comparison
- JWTs are a secure, general-purpose authentication mechanism. JWTs are mandatory in CloudHSM.
- mTLS provides strong bi-directional authentication, securing the underlying TLS channel. This prevents unauthenticated users from even establishing a TLS connection, let alone making API requests.
- API keys enable fine-grained access control. You can issue API keys that are scoped only to certain operations, such as key management, key usage, or SKA approval.