Hi Komalapriya Ravi, thanks for reaching out. Yes, it is possible to implement two-way SSL authentication in the Azure API Management (APIM) layer.
To implement two-way SSL authentication, you can use client certificate authentication in APIM. This involves configuring APIM to require a client certificate from the client making the request, and then validating the certificate against a trusted certificate authority (CA) to ensure that it is valid.
Here are the high-level steps to implement two-way SSL authentication in APIM:
- Configure your backend service to require client certificates for incoming requests.
- Upload the root certificate of the CA that issued the client certificates to APIM.
- Configure APIM to require client certificates for incoming requests.
- Configure APIM to validate the client certificate against the trusted CA.
You can find more detailed information on how to implement two-way SSL authentication in APIM in the following Microsoft documentation:
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates
Hope the above clears things up. Let me know if you have any queries or concerns.
Please "Accept Answer" if the answer is helpful so that it can help others in the community.
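The validation step listed in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: an inbound policy using APIM's `validate-client-certificate` policy. It assumes the CA root certificate is already uploaded to APIM and that the gateway is set to request client certificates; the issuer subject is a constructed placeholder.

```xml
<!-- Added example: APIM inbound policy. Values marked PLACEHOLDER are constructed. -->
<policies>
    <inbound>
        <base />
        <!-- Reject the request unless the client certificate chains to a trusted CA,
             is inside its validity period, and has not been revoked. -->
        <validate-client-certificate
            validate-revocation="true"
            validate-trust="true"
            validate-not-before="true"
            validate-not-after="true"
            ignore-error="false">
            <identities>
                <!-- PLACEHOLDER issuer: pin to the CA that issues your client
                     certificates, so a certificate that chains to some other
                     trusted root is still refused. -->
                <identity issuer-subject="CN=Example Client Issuing CA, O=Example Org, C=US" />
            </identities>
        </validate-client-certificate>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```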