Regardless of your deployment infrastructure, it is essential that you secure your API management platform. This section provides the guidelines to choose an API Gateway architecture based on your security requirements.

Private cloud vendors follow cloud-native procedure such as Defense in Depth. Most vendors offer guidelines, but it might vary across providers. They implement combination of security measures such as networking filters, firewall rules, Web Application Firewall (WAF), and so on.