Salesforce can use a SSL certificate to authenticate itself with a third party server, but can a third party server authenticate with a Salesforce in the same manner? Our use case is that we have legacy apps that use non-authenticated REST calls, with a mediator that redirects those devices to the correct endpoint, such that the legacy apps do not need to ever have their configuration updated directly. We would like to be able to authenticate as a user and access custom REST web service methods without having to supply a username, password, or token, but still have the client authenticated by way of a SSL certificate, simply by installing the appropriate certificate.
Best Answer
Salesforce supports it now, check the following documents that how to setup it and using methods:
Set Up a Mutual Authentication Certificate
Configure Your API Client to Use Mutual Authentication