Update mTLS Settings
Endpoint
PATCH /apiops/projects/{projectName}/apiProxies/{apiProxyName}/settings/mtls/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
Request Body
Full JSON Body Example
{
"enabled": true,
"keyStoreId": "keystore-id-123",
"trustStoreId": "truststore-id-456",
"supportedProtocolList": [
"TLS_1_2",
"TLS_1_3"
],
"hostnameVerifierType": "STRICT",
"disableSslValidation": false,
"deploy": false,
"deployTargetEnvironmentNameList": []
}
Request Body Fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| enabled | boolean | No | false | Enable/disable mTLS |
| keyStoreId | string | No* | - | KeyStore ID (required if enabled=true) |
| trustStoreId | string | No | - | TrustStore ID (optional, for server certificate validation) |
| supportedProtocolList | array | No | [] | List of supported TLS/SSL protocols |
| hostnameVerifierType | string | No | NOOP | Hostname verifier type |
| disableSslValidation | boolean | No | false | Disable SSL/TLS certificate validation entirely |
| deploy | boolean | No | false | If true, deploy the API proxy after saving changes |
| deployTargetEnvironmentNameList | array[string] | No | - | List of environment names to deploy to (required when deploy=true) |
EnumSSLContextProtocolType
TLS_1_3- TLS 1.3 (Java name: "TLSv1.3")TLS_1_2- TLS 1.2 (Java name: "TLSv1.2")TLS_1_1- TLS 1.1 (Java name: "TLSv1.1")TLS_1_0- TLS 1.0 (Java name: "TLSv1")SSL_3_0- SSL 3.0 (Java name: "SSLv3")
Note: If supportedProtocolList is empty, all protocols are supported.
EnumHostnameVerifierType
NOOP- No hostname verification (not recommended for production)DEFAULT- Default hostname verification (RFC 2818, RFC 6125)STRICT- Strict hostname verification (exact match required)BROWSER_COMPAT- Browser-compatible hostname verification (allows wildcards)
Note: All fields are optional. Only provided fields are updated.
Response
Success Response (200 OK)
{
"success": true
}
Response Fields
| Field | Type | Description |
|---|---|---|
| success | boolean | Indicates if the request was successful |
When deploy=true is specified:
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
| Field | Type | Description |
|---|---|---|
| deploymentResult | object | Only present when deploy=true |
| deploymentResult.success | boolean | Overall deployment success status |
| deploymentResult.deploymentResults | array | Per-environment deployment results |
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "KeyStore ID is required when mTLS is enabled"
}
Error Response (401 Unauthorized)
{
"error": "unauthorized_client",
"error_description": "Invalid token"
}
Error Response (404 Not Found)
{
"error": "not_found",
"error_description": "ApiProxy (name: MyAPI) was not found!"
}
cURL Example
Example 1: Enable mTLS with KeyStore and TrustStore
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/mtls/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"enabled": true,
"keyStoreId": "keystore-id-123",
"trustStoreId": "truststore-id-456",
"supportedProtocolList": ["TLS_1_2", "TLS_1_3"],
"hostnameVerifierType": "STRICT"
}'
Example 2: Enable mTLS with KeyStore Only
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/mtls/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"enabled": true,
"keyStoreId": "keystore-id-123",
"supportedProtocolList": ["TLS_1_2"],
"hostnameVerifierType": "DEFAULT"
}'
Example 3: Save and Deploy
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/mtls/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"enabled": true,
"keyStoreId": "keystore-id-123",
"supportedProtocolList": ["TLS_1_2", "TLS_1_3"],
"hostnameVerifierType": "STRICT",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"]
}'
Notes and Warnings
- KeyStore: Required when
enabled=true. Contains client certificate and private key - TrustStore: Optional. Contains trusted server certificates for validation
- Protocols: If empty, all protocols are supported. Recommended:
["TLS_1_2", "TLS_1_3"] - Hostname Verification:
NOOPdisables verification (security risk). UseSTRICTorDEFAULTfor production - Connection Pool: When mTLS is enabled, connection pools are disabled
- SSL Validation: When
disableSslValidation=true, the gateway skips SSL certificate verification when connecting to the backend. This is a security risk and should only be used in development/testing environments. - KeyStore/TrustStore: Must be created/uploaded before use (via KeyStore Management API)
- Deploy: When
deploy=true, the API proxy is automatically deployed to the specified environments after saving
Permissions
User must have API_MANAGEMENT + MANAGE permission in the project.
Related Documentation
- Update NTLM Settings - Update NTLM settings
- Update Connection Settings - Update connection settings
- Get API Proxy - Get API proxy details