---
title: Managing and Uploading Mutual Authentications
summary: The Mutual TLS API allows for client-to-server authentication using client-side X.509 authentication. The main Mutual Authentication object represents the certificate bundle and other configurations which support Mutual TLS for your domains.
url: https://www.fastly.com/documentation/reference/api/tls/mutual-tls/authentication
---

The Mutual TLS API allows for client-to-server authentication using client-side X.509 authentication. The main Mutual Authentication object represents the certificate bundle and other configurations which support Mutual TLS for your domains.

## Data model

| Field | Type | Description |
|-------|------|-------------|
| `cert_bundle` | string | One or more certificates. Enter each individual certificate blob on a new line. Must be PEM-formatted. Required on create. You may optionally rotate the cert_bundle on update. |
| `enforced` | boolean | Determines whether Mutual TLS will fail closed (enforced) or fail open. A true value will require a successful Mutual TLS handshake for the connection to continue and will fail closed if unsuccessful. A false value will fail open and allow the connection to proceed. Optional. Defaults to true. |
| `name` | string | A custom name for your mutual authentication. Optional. If name is not supplied we will auto-generate one. |
| `relationships.tls_activations.id` | string | Alphanumeric string identifying a TLS activation. |
| `type` | string | Resource type. |
| `created_at` | string | Date and time in ISO 8601 format. (Read-only) |
| `deleted_at` | string | Date and time in ISO 8601 format. (Read-only) |
| `id` | string | Alphanumeric string identifying a mutual authentication. (Read-only) |
| `updated_at` | string | Date and time in ISO 8601 format. (Read-only) |

## API endpoints

### List Mutual Authentications

**GET** `/tls/mutual_authentications`

List all mutual authentications.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `include` | string | query | No | Comma-separated list of related objects to include (optional). Permitted values: <code>tls_activations</code>. Including TLS activations will provide you with the TLS domain names that are related to your Mutual TLS authentication. |
| `page[number]` | integer | query | No | Current page. |
| `page[size]` | integer | query | No | Number of records per page. |

### Create a Mutual Authentication

**POST** `/tls/mutual_authentications`

Create a mutual authentication using a bundle of certificates to enable client-to-server mutual TLS.

### Get a Mutual Authentication

**GET** `/tls/mutual_authentications/{mutual_authentication_id}`

Show a Mutual Authentication.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `include` | string | query | No | Comma-separated list of related objects to include (optional). Permitted values: <code>tls_activations</code>. Including TLS activations will provide you with the TLS domain names that are related to your Mutual TLS authentication. |
| `mutual_authentication_id` | string | path | Yes | Alphanumeric string identifying a mutual authentication. |

### Delete a Mutual TLS

**DELETE** `/tls/mutual_authentications/{mutual_authentication_id}`

Remove a Mutual TLS authentication.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `mutual_authentication_id` | string | path | Yes | Alphanumeric string identifying a mutual authentication. |

### Update a Mutual Authentication

**PATCH** `/tls/mutual_authentications/{mutual_authentication_id}`

Update a Mutual Authentication.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `mutual_authentication_id` | string | path | Yes | Alphanumeric string identifying a mutual authentication. |