Header background

Monitor client certificate-secured APIs with Dynatrace Synthetic

APIs are the connective tissue in today’s online services. Fun fact: Salesforce and eBay first allowed access to their web APIs in the year 2000. As of 2019, ProgrammableWeb provides searchable access to almost 22,000 APIs, with more being added on a daily basis.

But in today’s fast-changing technology world driven by IoT, microservice based architectures, mobile app integration, automation, and containerization, modern businesses are faced with API security issues more than ever. A broken, exposed, or hacked API can lead to a major data breach. Therefore, companies are increasingly using client certificate authentication (or mutual authentication) for securing APIs.

Dynatrace Synthetic monitors APIs with client certificate authentication

Starting with ActiveGate version 1.175, Dynatrace Synthetic supports client certificate authentication. This allows you to monitor APIs that use mutual authentication based on X.509 certificate validation. This is a secure method of authentication where two parties establishing a connection can identify each other using digital certificates.

By the way, it’s a good thing to remember that these certificates are used for authentication as a part of API security. They are, of course, not a complete solution, as they can be intercepted like any other network traffic. Using authorization along with authentication methods is generally always recommended—OAuth (recently supported by synthetic HTTP monitors) is a leading solution for API authorization.

How to get started

Adding certificate-based authentication when configuring a synthetic HTTP monitor is easy—simply turn on the toggle labeled Add client certificate and select a file to add a certificate to an HTTP request.

The certificate file is then tied to the particular request in the HTTP monitor and is used for future executions of the request.

Note that Accept any SSL certificate is selected by default. You must deselect this option to enable full mutual authentication.

What’s needed to get started?

  • Synthetic location based on ActiveGate version 1.175+
  • .p12 certificate file to be used for authentication

What’s next?

Stay tuned for more Dynatrace Synthetic news, including:

  • Credential vault support for HTTP monitors
  • New public Synthetic locations from already supported cloud vendors
  • Public locations provided by a new cloud vendor