You’ve probably heard about TLS. It is a security protocol that sits between the transport and application layers (in the TCP/IP model) and essentially encrypts application-layer traffic. This encryption provides a guarantee to the client that:
- The server is who they say they are.
- Its communication with the server is confidential and cannot be spied on by a third party.
- Data received is untouched/unmodified along the way.
Regular (one-way) TLS achieves all three of the above with one caveat: it gives the server no guarantee that the client is who it claims to be. As a result, client verification is left to the application, using techniques such as basic authentication (usernames and passwords), bearer/access tokens, or mutual TLS.
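The asymmetry above can be seen directly in a handshake. The Go program below is an added example, not code from the original post: it runs an in-process TLS server over loopback and shows that plain TLS completes with an anonymous client, while mutual TLS (`RequireAndVerifyClientCert`) completes only when the client presents a certificate the server was told to trust. It assumes Go 1.20 or newer and a usable loopback interface; the `handshake` helper, the throwaway self-signed certificates and the names `serverCert`/`clientCert` are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"time"
)

// selfSignedCert makes a throwaway self-signed certificate for one name (constructed for this example, not from a real CA).
func selfSignedCert(name string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

var serverCert, clientCert = selfSignedCert("localhost"), selfSignedCert("client") // one throwaway identity per side

// handshake runs one TLS handshake over loopback TCP and returns nil only if both ends completed it; clientAuth is the server's policy (tls.NoClientCert = plain TLS, tls.RequireAndVerifyClientCert = mTLS), offer is what the client presents when asked.
func handshake(clientAuth tls.ClientAuthType, offer ...tls.Certificate) error {
	trust := func(c tls.Certificate) *x509.CertPool { p := x509.NewCertPool(); p.AddCert(c.Leaf); return p }
	srvCfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, ClientAuth: clientAuth, ClientCAs: trust(clientCert)} // ClientCAs is consulted only when clientAuth asks the server to verify the client
	cliCfg := &tls.Config{Certificates: offer, RootCAs: trust(serverCert), ServerName: "localhost"} // the client always verifies the server's identity
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() { // server half: accept one connection and run the server side of the handshake
		c, err := ln.Accept()
		if err == nil {
			err = c.(*tls.Conn).Handshake()
			c.Close()
		}
		srvErr <- err
	}()
	cli, cliErr := tls.Dial("tcp", ln.Addr().String(), cliCfg) // client half; under TLS 1.3 this can return before the server has judged the client
	if cliErr == nil {
		defer cli.Close()
	}
	return errors.Join(cliErr, <-srvErr) // e.g. "tls: client didn't provide a certificate" under mTLS
}
```

Calling `handshake(tls.RequireAndVerifyClientCert)` with no certificate, or with one the server was not told to trust, fails on the server side even though the client's own half of the handshake succeeds.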