API Gateway 10.15 | Administering API Gateway | Security Configuration | Securing API Gateway Communication using TLS | How do I Secure API Data Store Communication using HTTPS?
 
How do I Secure API Data Store Communication using HTTPS?
 
How do I Secure API Data Store Communication using HTTPS with ReadonlyREST Plugin?
Creating a Custom Keystore with Self-Signed Certificates
You can secure API Data Store (a simple Elasticsearch instance), one of the components in an API Management setup, to communicate securely over HTTPS. To secure API Data Store, you can use the following security plugins:
*X-Pack. For details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-minimal-setup.html
*ReadonlyREST. For details, see How do I Secure API Data Store Communication using HTTPS with ReadonlyREST Plugin?.
Both the plugins offer encryption, authentication, and authorization to protect data from attackers and other misuses. The plugins secure API Data Store by exposing it over HTTPS, and enables basic authentication by configuring users.