Transport Layer Security (TLS)
Learn about transport layer security and how it secures transmission in APIs.
We'll cover the following...
Motivation
We have established that APIs are significant for businesses and their smooth functioning. However, to ensure their successful operation, we need a layer of security to protect data in various communication channels. The transmission of requests and subsequent responses between a client and server must be secured. Otherwise, attackers can intercept these transmissions, which can subsequently lead to information disclosure and tampering.
Assume the following simplistic view of a client-server communication that is being performed using unsecured public Wi-Fi. Without the application of any relevant security protocols, the messages we send and the API requests and responses generated are left vulnerable to any attacker over the network.
Referring to the diagram above, we need to be able to answer the following questions to guarantee a secure transmission:
How does the client know that the server it’s talking to is exactly the one the client intended?
How do we achieve confidentiality/secrecy of the messages?
How does the client know about the integrity of the message it has received?
How do we verify the authenticity of messages received from the server?
So, we need to utilize a framework/model that ensures the desired security properties during transmission to prevent attacks.
Transport layer security (TLS)
Transport layer security (TLS) is a cryptographic protocol that permits safe transmission between the client and API provider. TLS ensures message authentication, encryption, and data integrity.
In a client-server communication, the server usually requests authentication from clients using sensitive credentials, like a username and password, an API key, and tokens (we’ll explore these techniques in the coming lessons). However, using TLS, the client is able to authenticate the server prior to client authentication. TLS achieves this with the help of
What is the difference between TLS and SSL?
Right now, it may appear that encryption is TLS’ most essential feature. However, the identification and the subsequent prevention of attacks are just as important. ...