Req uses Finch as its default adapter and Finch uses Mint (which allows all of the Erlang :gen_tcp
and :ssl
socket options to be passed).
So looking at the Req run_finch/1 documentation we see :connect_options
which contains :transport_opts
which defers to Mint for the details.
The mutual TLS options for Mint was answered here as not all options are covered in the Mint documentation, only the ones they alter the semantics of.
So your code will be something like:
Req.post!(url, json: payload, connect_options: [transport_opts: [cacerts: :public_key.cacerts_get(), certfile: ~c"client.pem", password: secret_charlist]])
Note that Erlang needs charlists passed.