Webhook OAuth2 2-legged mTLS connector
Configure the webhook connector to authenticate with your endpoint using a mutual TLS client certificate generated by Tealium.
The Webhook OAuth2 2-legged mTLS connector is currently in Early Access and is available to select customers only. Contact your Tealium Support representative to get started.
The Webhook OAuth2 2-legged mTLS connector extends the OAuth2 2-legged webhook authentication with mutual TLS (mTLS). Instead of using a client secret, Tealium presents a DigiCert-issued client certificate to your endpoint during the TLS handshake.
How it works
In this authentication model, Tealium is the TLS client and your API endpoint is the TLS server.
- Tealium generates a client certificate signed by DigiCert that is valid for one year.
- You download the client certificate and provide it to your API gateway or server administrator.
- Configure your server to trust the certificate by either:
  - Trusting the DigiCert root and intermediate certificate authorities and validating the certificate identity.
  - Explicitly allowing the specific client certificate or certificate fingerprint provided by Tealium.
- When Tealium sends a request to your endpoint, your server requests the client certificate during the TLS handshake.
- Tealium presents the certificate and proves ownership of the associated private key.
- Your server validates the certificate chain and verifies that the client certificate meets your configured trust requirements before allowing the connection.
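The server-side checks from the steps above, as an added example that is not Tealium's code: Python's standard `ssl` module demands a client certificate, then either the fingerprint allowlist or the identity check decides whether the request is accepted. The sample bytes, `EXPECTED_CN` and every function name are assumptions made for this illustration.

```python
import hashlib
import ssl

# Constructed sample bytes standing in for the downloaded certificate (not a real X.509 cert).
SAMPLE_DER = b"constructed-sample-client-certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
EXPECTED_CN = "client.example.invalid"  # hypothetical identity; use the subject of your certificate

def build_server_context(server_cert, server_key, ca_bundle):
    """Server-side context that demands a client certificate in the handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_cert, server_key)
    ctx.load_verify_locations(cafile=ca_bundle)  # issuing root and intermediate CAs
    ctx.verify_mode = ssl.CERT_REQUIRED          # no valid client cert, no connection
    return ctx

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def fingerprint_from_pem(pem):
    """Fingerprint of the downloaded PEM file, for building the allowlist."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem))

def is_pinned(der, pinned):
    """Allowlist check; accepts 'AA:BB:..' or plain hex, any case."""
    wanted = {p.replace(":", "").replace(" ", "").lower() for p in pinned}
    return fingerprint(der) in wanted

def subject_cn(peercert):
    """Common name from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def authorize(der, peercert, pinned=None, expected_cn=None):
    """Run after the handshake with der=conn.getpeercert(True), peercert=conn.getpeercert()."""
    if not der:
        return False
    if pinned is not None:
        return is_pinned(der, pinned)
    # CA-trust option: the context already verified the chain, but a public CA
    # signs for many parties, so the subject must still match the expected identity.
    return expected_cn is not None and subject_cn(peercert) == expected_cn
```

Because the certificate is valid for one year, a pinned fingerprint has to be replaced whenever a new certificate is generated; the CA-plus-identity check keeps working as long as the subject stays the same.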
Configure mTLS authentication
Use the following settings to configure mTLS authentication:
| Setting | Description |
|---|---|
| Key Algorithm | The algorithm used to generate the client certificate. Select RSA-2048, RSA-3072, or RSA-4096 based on your security requirements. |
To configure mTLS authentication for the webhook connector:
- In the connector configuration, select OAuth2 (2-legged) with mTLS as the authentication type.
- Select a Key Algorithm and click Generate.
- Click Download Certificate and provide the certificate to the administrator of your API gateway or server.
For all other webhook configuration, see Webhook actions and parameters.
This page was last updated: May 12, 2026