Start monitoring today and get 20% off on your first invoice. Available on all Uptrends plans.

Many APIs require that the caller specifies authentication information to verify their identity, and possibly the access rights of that caller. Authentication information can be passed along using HTTP headers (Basic/NTLM/Digest authentication), by exchanging access tokens (OAuth), by requiring the client to include a client certificate in the request, or a combination.

This article discusses the options for client certificates. To set up traditional authentication methods, please read the article on authentication types.

Client certificate types

The Client certificate section on the Request tab of a Multi-step API monitor offers the following options. If you're using multiple steps in your step definition, please ensure you have the desired settings for each step.

  • Uptrends client certificate: This option is useful if you require your API users to generate and include their own client certificate to prove their identity. If you choose this option, a certificate owned by Uptrends will be included when the HTTP request is sent. Your API can verify that incoming request using the corresponding public key. If it matches, you can be sure that the request is coming from someone who owns the original certificate (i.e. Uptrends), and no-one else. For more information, please read the article about Uptrends' public key information.
  • Custom client certificate: Use this option when you own or control the client certificate that should be included in the request. Once you've uploaded the certificate file to Uptrends, you can include it in your Multi-step API monitors. Since you own that certificate, your API will be able to verify incoming requests that use it. Please read the next section for setting this up.
  • None: Choose None if you don't want to include any client certificate in your HTTP request.