end-to-end Mutual TLS (mTLS) for authenticating DSS API consumers

I am writing to discuss an important security related matter to our integration with DSS APIs. Previously, We have been informed that DSS is not currently using end-to-end Mutual TLS (mTLS) for authenticating API consumers. While we understand the operational considerations, our security team has raised this as a significant concern due to the sensitivity of the data being exchanged.

We prioritize the security and integrity of our data and communications. End-to-end mTLS provides an additional layer of security by ensuring that both the client and the server authenticate each other, thereby mitigating the risk of man-in-the-middle attacks and unauthorized access.

We would greatly appreciate your insights and suggestions on how we can address this concern. Specifically, we are interested in understanding:

• Are there any plans to implement end-to-end mTLS or similar robust authentication mechanisms in the near future?
• If mTLS is not feasible, are there alternative security measures that we can consider to enhance the security of our API interactions?

We value our partnership with DSS and are confident that together we can find a solution that meets our security requirements.

Thank you for your attention to this matter. We look forward to your response and any guidance you can provide.