Building and Securing API Gateway Architecture

If the connection from clients to your API gateway isn't encrypted, all messages you send and receive are out in the open for all to read. In looking for a way in, attackers will make use of all features of an API, even the undocumented ones; security by obscurity is not a realistic defense…









