API Gateway 11.1 | Administering API Gateway | Security Configuration | Securing API Gateway Communication using TLS
 
Securing API Gateway Communication using TLS
 
How Do I Secure API Gateway Server Communication with API Clients?
How Do I Secure API Gateway Server Communication with Backend Services?
How do I Secure API Gateway User Interface Communication?
How do I Configure a Secure Communication Channel between API Gateway and Developer Portal?
How do I Secure External Elasticsearch Store Communication using HTTPS?
This section describes how to secure communication, by leveraging SSL/TLS, between API Gateway and the API Clients, Users, Backend services, and Developer Portal.
The following figure illustrates how API Gateway communicates securely using HTTPS in the basic API Management setup.
Securing API Gateway
For ensuring the security of the data being transferred between two components, you can implement one-way or two-way SSL/TLS. In an API Management setup you can configure a secure communication between the following:
*API Gateway and API clients. For details, see How Do I Secure API Gateway Server Communication with API Clients?
*API Gateway UI and Users. For details, see How do I Secure API Gateway User Interface Communication?
*API Gateway and Developer Portal. For details, see How do I Configure a Secure Communication Channel between API Gateway and Developer Portal?
*API Gateway and external Elasticsearch. For details, see How do I Secure External Elasticsearch Store Communication using HTTPS?