API Gateway 10.5 | Configuring API Gateway | Securing API Gateway and its Components | Overview
 
Overview
The basic API Management setup comprises of API Gateway, the API Clients, Users, Backend services, and API Portal. This section describes how to secure communication, by leveraging SSL/TLS, between API Gateway and the API Clients, Users, Backend services, and API Portal.
The API Gateway setup comprises various components, such as, API Gateway server, API Gateway UI, and API Gateway Data Store. This section also describes how to secure the communication between the components of API Gateway.
The following figure illustrates how API Gateway communicates securely using HTTPS in the basic API Management setup.
For ensuring the security of the data being transferred between two components, you can implement one-way or two-way SSL/TLS. In an API Management setup you can configure a secure communication between the following:
*API Gateway and API clients. For details, see How Do I Secure API Gateway Server Communication with API Clients?
*API Gateway UI and Users. For details, see How do I Secure API Gateway User Interface Communication?
*API Gateway and API Portal. For details, see How do I Configure a Secure Communication Channel between API Gateway and API Portal?
*API Gateway and API Gateway Data Store. For details, see How do I Secure API Gateway Data Store Communication?