mTLS docs #104

Merged
merged 1 commit into from
Oct 10, 2024
4 changes: 4 additions & 0 deletions api-reference/customer-cards/protocol.mdx
Expand Up @@ -129,6 +129,10 @@ Errors are classified into two categories:
1. **Retriable errors**: these are transient issues where retrying once is appropriate
2. **Integration errors**: these are typically programming or configuration errors. These errors won't be retried and cached for 5 minutes.

## Security

Plain supports [request signing](/api-reference/request-signing) and [mTLS](/api-reference/mtls) to verify that the request was made by Plain and not a third party.

### Retriable errors

The following errors are **retried once** after a **1-second delay**:
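
Review bot: the new `## Security` heading lands between the two-item error-category list and `### Retriable errors`, so the level-3 error subsections that follow now sit under Security instead of under the errors section they belong to. Move the Security section to after the error subsections, or to before the errors heading, so the heading hierarchy stays intact.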
36 changes: 36 additions & 0 deletions api-reference/mtls.mdx
@@ -0,0 +1,36 @@
---
title: 'mTLS'
---

All outbound requests made to your **webhook targets** and **customer card endpoints** include a client TLS certificate which you can verify to achieve mutual authentication.

This certificate is self-signed. In order to verify it, we provide our CA's certificate (in PEM format), which you will need to add to your server/truststore:

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

<Info>
If you serve your API through AWS API Gateway, you can easily do this by [enabling mTLS and
uploading the
certificate](https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mutual-tls.html)
above as the truststore.
</Info>
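
Review bot: "This certificate is self-signed" conflicts with the rest of the same sentence, which tells the reader to trust "our CA's certificate". A client certificate that is verified against a CA certificate is issued by that CA, and it is the CA certificate that goes into the truststore; if that is the setup, say the client certificate is issued by Plain's own CA rather than a public one. The page should also say what identifies the client certificate (subject or SAN) so integrators can check more than the chain, and how a change of the CA certificate will be announced, since the PEM is pasted inline with no validity information. The PEM fence has no language tag.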
2 changes: 1 addition & 1 deletion api-reference/webhooks.mdx
Expand Up @@ -50,7 +50,7 @@ If you want, you can include basic authentication credentials in your webhook ta
Authorization: Basic cGxhaW46cm9ja3M=
```

Plain also supports [request signing](/api-reference/request-signing) to verify that the request was made by Plain and not a third party.
Plain also supports [request signing](/api-reference/request-signing) and [mTLS](/api-reference/mtls) to verify that the request was made by Plain and not a third party.

## Delivery semantics
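
Review bot: in the changed sentence, "also supports ... and mTLS" reads as an opt-in feature listed next to basic auth, while the new mtls.mdx states that all outbound requests to webhook targets include the client certificate. Suggest wording that makes clear the certificate is always presented and that verification happens on the receiving server, so readers do not look for a setting to enable on Plain's side.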
