Update mTLS Settings

​

Endpoint

PATCH /apiops/projects/{projectName}/apiProxies/{apiProxyName}/settings/mtls/

​

Authentication

​

Header

Authorization: Bearer YOUR_TOKEN

​

Request

​

Headers

​

Path Parameters

​

Request Body

​

Full JSON Body Example

{
  "enabled": true,
  "keyStoreId": "keystore-id-123",
  "trustStoreId": "truststore-id-456",
  "supportedProtocolList": [
    "TLS_1_2",
    "TLS_1_3"
  ],
  "hostnameVerifierType": "STRICT"
}

​

Request Body Fields

​

EnumSSLContextProtocolType

• TLS_1_3 - TLS 1.3 (Java name: “TLSv1.3”)
• TLS_1_2 - TLS 1.2 (Java name: “TLSv1.2”)
• TLS_1_1 - TLS 1.1 (Java name: “TLSv1.1”)
• TLS_1_0 - TLS 1.0 (Java name: “TLSv1”)
• SSL_3_0 - SSL 3.0 (Java name: “SSLv3”)

​

EnumHostnameVerifierType

• NOOP - No hostname verification (not recommended for production)
• DEFAULT - Default hostname verification (RFC 2818, RFC 6125)
• STRICT - Strict hostname verification (exact match required)
• BROWSER_COMPAT - Browser-compatible hostname verification (allows wildcards)

​

Response

​

Success Response (200 OK)

{
  "success": true
}

​

Response Fields

​

Error Response (400 Bad Request)

{
  "error": "bad_request",
  "error_description": "KeyStore ID is required when mTLS is enabled"
}

​

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Invalid token"
}

​

Error Response (404 Not Found)

{
  "error": "not_found",
  "error_description": "ApiProxy (name: MyAPI) was not found!"
}

​

cURL Example

​

Example 1: Enable mTLS with KeyStore and TrustStore

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/mtls/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "keyStoreId": "keystore-id-123",
    "trustStoreId": "truststore-id-456",
    "supportedProtocolList": ["TLS_1_2", "TLS_1_3"],
    "hostnameVerifierType": "STRICT"
  }'

​

Example 2: Enable mTLS with KeyStore Only

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/mtls/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "keyStoreId": "keystore-id-123",
    "supportedProtocolList": ["TLS_1_2"],
    "hostnameVerifierType": "DEFAULT"
  }'

​

Notes and Warnings

• KeyStore: Required when enabled=true. Contains client certificate and private key
• TrustStore: Optional. Contains trusted server certificates for validation
• Protocols: If empty, all protocols are supported. Recommended: ["TLS_1_2", "TLS_1_3"]
• Hostname Verification: NOOP disables verification (security risk). Use STRICT or DEFAULT for production
• Connection Pool: When mTLS is enabled, connection pools are disabled
• KeyStore/TrustStore: Must be created/uploaded before use (via KeyStore Management API)

​

Permissions

​

Related Documentation

• Update NTLM Settings - Update NTLM settings
• Update Connection Settings - Update connection settings
• Get API Proxy - Get API proxy details