Many APIs require that the caller specifies authentication information to verify their identity, and possibly the access rights of that caller. Authentication information can be passed along using HTTP headers (Basic/NTLM/Digest authentication), by exchanging access tokens (OAuth), by requiring the client to include a client certificate in the request, or a combination.

This article discusses the options for client certificates. To set up traditional authentication methods, please read the article on authentication types.

Client certificate types

The Client certificate section on the Request tab of a Multi-step API monitor offers the following options. If you're using multiple steps in your step definition, please ensure you have the desired settings for each step.

  • Uptrends client certificate: This option is useful if you require your API users to generate and include their own client certificate to prove their identity. If you choose this option, a certificate owned by Uptrends will be included when the HTTP request is sent. Your API can verify the incoming request using the corresponding public key. If it matches, you can be sure that the request is coming from someone who owns the original certificate (i.e. Uptrends), and no-one else. For more information, please read the article about Uptrends' public key information.
  • Custom client certificate: Use this option when you own or control the client certificate that should be included in the request. Once you've uploaded the certificate file to Uptrends, you can include it in your Multi-step API monitors. Since you own that certificate, your API will be able to verify incoming requests that use it. Please read the next section for setting this up.
  • None: Choose None if you don't want to include any client certificate in your HTTP request.

Creating a custom client certificate setup

In order to include a client certificate in your Multi-step API monitors, you need to upload it to your Uptrends account first. Certificates (and other sensitive information) are uploaded to and stored in your Vault. Once you've added a certificate to your vault, you can start using it in your monitor setup.

Uploading a client certificate

When you choose the Custom client certificate option for the first time, you'll notice that there are no certificates available yet. To add one, choose Add certificate to go to the vault. Alternatively, choose Account > Vault in the main menu, and click on Add vault item.

In the New vault item screen, fill in a unique name for the certificate, so you can recognize it later. Ensure that the Type for the new vault item is set to Certificate archive. Optionally fill in any notes you want to add in the Description field.

Finally, specify the certificate file you want to upload. The file must be a PKCS #12 file, or certificate archive, which contains both the private key and the public key. PKCS #12 files have a .pfx or .p12 file extension.

A certificate archive file tends to be encrypted, so we need the corresponding password in order to use it. Please specify the password in the Archive password field, and click Save.
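Before uploading, you can confirm locally that an archive opens with the password you plan to enter and that it holds both a certificate and a private key. The script below is an added example, not part of the Uptrends documentation. It assumes the `openssl` command-line tool is installed. The function names `check_p12` and `make_demo_p12` and the demo subject `demo-api-client` are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-upload check for a PKCS #12 client certificate archive.
# Passwords are passed through the environment (env:) so they stay out of argv.

# check_p12 FILE PASSWORD
# returns 0 = usable, 1 = cannot open (wrong password or not PKCS #12),
#         2 = no certificate, 3 = no private key, 4 = certificate expired
check_p12() {
    p12_file=$1
    # List the certificates only; this fails if the password is wrong.
    p12_cert=$(P12_PASS="$2" openssl pkcs12 -in "$p12_file" \
        -passin env:P12_PASS -nokeys 2>/dev/null) || return 1
    printf '%s\n' "$p12_cert" | grep -q 'BEGIN CERTIFICATE' || return 2
    # Request the key in re-encrypted form so no plaintext key is emitted.
    p12_key=$(P12_PASS="$2" openssl pkcs12 -in "$p12_file" \
        -passin env:P12_PASS -nocerts -passout env:P12_PASS 2>/dev/null) || return 1
    printf '%s\n' "$p12_key" | grep -q 'PRIVATE KEY-----' || return 3
    # Print subject and expiry of the first certificate, then reject if expired.
    printf '%s\n' "$p12_cert" | openssl x509 -noout -subject -enddate
    printf '%s\n' "$p12_cert" | openssl x509 -noout -checkend 0 >/dev/null || return 4
    return 0
}

# make_demo_p12 DIR PASSWORD
# Builds constructed test data: a self-signed key pair bundled as DIR/client.p12
# and a certificate-only archive DIR/certonly.p12. The unencrypted key.pem is
# demo material only; delete DIR afterwards.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=demo-api-client' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    P12_PASS="$2" openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -name demo-api-client -out "$1/client.p12" \
        -passout env:P12_PASS || return 1
    P12_PASS="$2" openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -out "$1/certonly.p12" -passout env:P12_PASS
}
```

A return value of 1 from `check_p12` means the password does not match the archive or the file is not PKCS #12. A return value of 3 means the archive carries only a certificate and cannot be used to authenticate a request.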

Using a client certificate in a Multi-step API monitor

Once you have stored a suitable client certificate in the vault, you can start using it in a Multi-step API monitor. In the client certificate section of a step, you can click Refresh to re-load the list of available certificates. To finish up, select the appropriate certificate in each step that needs it.