Software AG Products 10.11 | Integrate Software AG Products Using Digital Event Services | webMethods API Gateway Documentation | Administrating API Gateway | Security Configuration | Securing API Gateway Server Communication using SSL or TLS | How do I Secure API Data Store Communication using HTTPS?
 
How do I Secure API Data Store Communication using HTTPS?
You can secure API Data Store (a simple Elasticsearch instance), one of the components in an API Management setup, to communicate securely over HTTPS. To secure API Data Store, you can use the following security plugins:
*ReadonlyREST. For details, see How do I Secure API Data Store Communication using HTTPS with ReadonlyREST Plugin?.
*Search Guard. For details, see How do I Secure API Data Store Communication using HTTPS?.
Both the plugins offer encryption, authentication, and authorization to protect data from attackers and other misuses. The plugins secure API Data Store by exposing it over HTTPS, and enables basic authentication by configuring users.
Note:
Starting version 10.7, the Search Guard security plugin is not shipped with API Gateway. Customers can download a security plugin and configure as per their requirement.