svix · svix-onelson · May 30, 2024 · May 30, 2024 · tasn · May 30, 2024
@@ -24,3 +24,27 @@ full descriptions of each endpoint as well as all the fields they send.
 If you don't specify any event types, by default, your endpoint will receive all events, regardless of type.
 This can be helpful for getting started and for testing, but we recommend changing this to a subset later on
 to avoid receiving unexpected messages.
+
+### Configuring mTLS
+
+Svix now supports Mutual TLS (mTLS), per endpoint. At this time this feature is only configurable via API.
+
+- `PUT $SVIX_ROOT/api/v1/app/APP/endpoint/ENDPOINT/mtls` to set the configuration options.
+- `DELETE $SVIX_ROOT/api/v1/app/APP/endpoint/ENDPOINT/mtls` to clear any previously set configuration.
+
+The `PUT` body consists of one key:
+- `identity` (required) a PEM encoded private key and X509 certificate used by the webhook sender to authenticate itself.
+
+
+Example:
+
+```sh
+# using jq here to escape the newlines and produce a quoted string
+CLIENT_PEM="$(cat client.pem | jq -sR .)"
+
+curl -sS -H "Authorization: Bearer $TOKEN" \
+	-H "content-type: application/json" \
+	-X PUT \
+	-d '{"identity":'"$CLIENT_PEM"'}' \
+	$SVIX_ROOT/api/v1/app/my-app/endpoint/my-endpoint/mtls
+```