The basic API Management setup comprises of API Gateway, the API Clients, Users, Backend services, and API Portal. This section describes how to secure communication, by leveraging SSL/TLS, between API Gateway and the API Clients, Users, Backend services, and API Portal.

The API Gateway setup comprises various components, such as, API Gateway server, API Gateway UI, and API Gateway Data Store. This section also describes how to secure the communication between the components of API Gateway.

The following figure illustrates how API Gateway communicates securely using HTTPS in the basic API Management setup.

For ensuring the security of the data being transferred between two components, you can implement one-way or two-way SSL/TLS. In an API Management setup you can configure a secure communication between the following: