Software AG Products 10.7 | Administering API Portal | Configuring API Portal | Security Considerations | Securing Client Requests
 
Securing Client Requests
webMethods API Portal supports both HTTP and HTTPS, allowing it to listen on an HTTP port for non-secure client requests and an HTTPS port for secure requests.
Unlike HTTP, HTTPS provides for secure data transmission. HTTPS does this through encryption and certificates. Without HTTPS, unauthorized users might be able to capture or modify data, use IP spoofing to attack servers, access unauthorized services, or capture passwords.
By default, the API Portal load balancer component is set to allow both unencrypted HTTP and encrypted HTTPS/SSL access. Software AG recommends using HTTPS to ensure a secure connection, and disabling the HTTP port.
For instructions on how to disable the HTTP port, see Disabling a Port.