15 Jan
API Key over HTTPS vs mTLS
I wonder what the benefits are of using mTLS for verifying clients when we have an API key being sent over HTTPS.
I am thinking of backend-to-backend communications, where one server needs to fetch data from another server.
As far as I can see, both will be able to establish a secure communication channel, where both the server and the client are authenticated (the server by its certificate, the client by its API key or certificate if using mTLS).
Given the extra complexity of mTLS, I wonder about the actual benefits of using it.