How to secure APIs using client certificate authentication?
OutSystems does not natively support Client Certificate Authentication at the application level. However, you can configure this at the IIS level by selecting the site -> SSL Settings and enabling 'Require SSL'.
You can also use NGINX to verify the client certificate and, if it succeeds, pass the requests on to OutSystems.
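A sketch of the NGINX approach mentioned above, as an added example that is not part of the original post or of OutSystems documentation. The hostname, file paths, upstream address and `X-Client-Cert-*` header names are placeholders chosen for illustration.

```nginx
# Added example: NGINX terminates TLS, verifies the client certificate,
# and only then proxies the request to the OutSystems front end.
server {
    listen 443 ssl;
    server_name api.example.com;                    # placeholder

    ssl_certificate     /etc/nginx/tls/server.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/server.key;

    # CA bundle that issued the client certificates. Use a dedicated
    # private CA here: with a public root bundle, any certificate that
    # chains to a public CA would pass verification.
    ssl_client_certificate /etc/nginx/tls/client-ca.pem;

    # "on" rejects requests that do not present a valid certificate
    # before anything is proxied. With "optional", the request is
    # proxied regardless and $ssl_client_verify must be checked
    # explicitly.
    ssl_verify_client on;
    ssl_verify_depth  2;   # allows one intermediate CA below the root

    location / {
        # proxy_set_header replaces any header of the same name sent
        # by the client, so these values cannot be spoofed through
        # this listener.
        proxy_set_header X-Client-Cert-Verify      $ssl_client_verify;
        proxy_set_header X-Client-Cert-DN          $ssl_client_s_dn;
        proxy_set_header X-Client-Cert-Fingerprint $ssl_client_fingerprint;
        proxy_set_header Host                      $host;

        proxy_pass https://outsystems-backend.internal;  # placeholder
    }
}
```

The certificate check only protects the API if the OutSystems front end accepts connections solely from the proxy (for example through firewall rules); a client that can reach the backend directly bypasses the check and can set the forwarded headers itself.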
Hi @Mandy Yiu,
To secure a REST API in OutSystems using client-certificate authentication:
1) Ensure your environment supports HTTPS.
2) Obtain or create valid client certificates.
3) In Service Center, upload trusted CA root certificates for client validation under Security settings.
4) Configure the API to require client certificates in the Expose REST API feature.
5) Optionally, use the SSL Client Certificate extension to handle certificate details in your logic.
This ensures only clients with valid certificates can access the API.
Hope this helps!
Here's what I found in the documentation:
https://success.outsystems.com/support/security/secure_rest_apis_with_client_side_authentication/