API Gateway 10.11 | Administering API Gateway | Security Configuration | Securing API Gateway Communication using TLS | How do I Secure API Data Store Communication using HTTPS?
 
How do I Secure API Data Store Communication using HTTPS?
 
How do I Secure API Data Store Communication using HTTPS with ReadonlyREST Plugin?
How do I Secure API Data Store Communication using HTTPS with Search Guard Plugin ?
Creating a Custom Keystore with Self-Signed Certificates
You can secure API Data Store (a simple Elasticsearch instance), one of the components in an API Management setup, to communicate securely over HTTPS. To secure API Data Store, you can use the following security plugins:
*ReadonlyREST. For details, see How do I Secure API Data Store Communication using HTTPS with ReadonlyREST Plugin?.
*Search Guard. For details, see How do I Secure API Data Store Communication using HTTPS with Search Guard Plugin ?.
Both the plugins offer encryption, authentication, and authorization to protect data from attackers and other misuses. The plugins secure API Data Store by exposing it over HTTPS, and enables basic authentication by configuring users.
Note:
Starting version 10.7, the Search Guard security plugin is not shipped with API Gateway. Customers can download a security plugin and configure as per their requirement.