
Mutual TLS (mTLS)

All Fortis API calls require Mutual TLS (mTLS) to establish a secure, two-way authenticated connection between your application and our servers. Unlike standard TLS, which authenticates only the server, mTLS enforces authentication on both ends of the connection. This ensures that:

  • Only verified clients can access Fortis APIs.
  • Fortis servers are also authenticated by the client.
  • Data exchange occurs only between trusted parties.

This approach helps protect sensitive data, prevent impersonation, and block unauthorized access.

How it Works

mTLS uses public key cryptography involving a pair of keys:

  • A public key, included in a TLS certificate, and
  • A private key, securely held by the certificate owner.

When your client application connects to Fortis:

  1. It presents its certificate signed by a Trusted Certificate Authority (CA).
  2. Fortis verifies this certificate and, in return, presents its own for your client to verify.
  3. Only if both parties are validated does the secure connection proceed.
Info: The Fortis team will provide your mTLS certificates during your onboarding.