The default way of authenticating with the API is by providing the API key with each request. Additionally, Sealninja also supports strong authentication by means of Mutual TLS when sealing or verifying documents.
With Mutual TLS Authentication, not only is the identity of the server proven to the client (as is typically the case with HTTPS requests), but the identity of the client is also proven to the server. For this, the client has to use a certificate provided by a Certificate Authority when sending a request to the server. An extensive explanation of how this works can be found in this article by Andrew Howden.
Mutual TLS Authentication can be enabled from the account settings page. Once enabled, an X.509 certificate chain has to be used for every API request. The certificate has to be provided by a Certificate Authority, and the domain (common name) of the certificate should match the domain of the account's email address.
An example request to seal a document with curl using a certificate could look something like this:
The identity as provided by the certificate will also be added to the document's seal, making it available to everyone for verifying the document's origin at a later stage. The following certificate identity properties will be added to the seal, if available: country name, state or province name, locality name, organization name, organizational unit name, and common name.
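A pre-flight check for the two rules above, as an added example rather than Sealninja code: it reads a subject line as printed by `openssl x509 -noout -subject -nameopt RFC2253`, lists the six properties that would end up in the seal, and compares the common name with the domain of the account's email address. The function names, the sample subject and the exact, case-insensitive comparison are assumptions; the service's own matching rules are not documented here.

```python
import re

# Subject attributes the page lists as added to the seal, keyed by OpenSSL short names.
SEAL_FIELDS = {"C": "country name", "ST": "state or province name",
               "L": "locality name", "O": "organization name",
               "OU": "organizational unit name", "CN": "common name"}

# Constructed sample, not a real certificate subject.
SAMPLE_SUBJECT = r"subject=CN=example.com,OU=Legal\, Compliance,O=Example B.V.,L=Amsterdam,ST=Noord-Holland,C=NL"

def _split(text, sep=","):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, buf, i = [], "", 0
    while i < len(text):
        # A backslash and the character after it stay together as one unit.
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(buf)
            buf = ""
        else:
            buf += text[i:i + step]
        i += step
    parts.append(buf)
    return parts

def _unescape(value):
    # Undo single-character (\,) and hex-pair (\2C) escapes; hex is taken as one ASCII byte.
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
                  value)

def parse_subject(subject):
    """Return {short name: value} for the seal-relevant attributes only."""
    dn = re.sub(r"^subject\s*=\s*", "", subject.strip())
    fields = {}
    for rdn in _split(dn):
        name, eq, value = rdn.partition("=")
        name = name.strip().upper()
        if eq and name in SEAL_FIELDS and name not in fields:  # first value wins
            fields[name] = _unescape(value)
    return fields

def preflight(subject, account_email):
    """Return (identity that would appear in the seal, CN matches email domain)."""
    fields = parse_subject(subject)
    identity = {SEAL_FIELDS[k]: fields[k] for k in SEAL_FIELDS if k in fields}
    _, at, domain = account_email.rpartition("@")
    cn = fields.get("CN", "")
    return identity, bool(at and cn) and cn.lower() == domain.lower()
```

Running `preflight` before enabling Mutual TLS on the account shows which identity details will become visible to anyone who later verifies a sealed document.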
Hence, when verifying a document sealed using Mutual TLS Authentication, the seal could look something like this: