SSL Certificates for just API or do clients need them to?

Question

I have a RESTFul API that I want to secure using SSL Certs. If I were to get some SSL certificates, would I need separate ones for each of my web clients that use my API or

Answer 1

The SSL certificate is installed on your web server hosting your REST API. The clients don't need to have a certificate to securely exchange data with your server.

Think about all the e-banking/e-shopping sites that you probably use. You don't specifically install any certificates on your computer to be able to use them. As long as you trust the certification authority that issued the certificates to those websites (handled by your computer transparently), your computer can connect to them over SSL.

So, as long as your own server's SSL certificate is valid and issued by a trusted certification authority, your clients will be able to connect securely over SSL without needing separate certificates.