Software AG Products 10.7 | Integrate Software AG Products Using Digital Event Services | API Gateway Configuration Guide | Securing Communication between API Gateway and its Components | Overview
 
Overview
SSL creates a secure connection between servers and clients over the web and internal network, safeguarding sensitive data for secure transmission. The Hypertext Transfer Protocol Secure (HTTPS) is an internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site. The data sent over HTTPS is secured using SSL/TLS, which provides protection using encrypted channels.
The API Management setup comprises various components, such as, API Gateway server, API Gateway UI, Elasticsearch, API Portal, Kibana, and Terracotta. You must create secure connections between these components in order to enable a secure channel of communication. This article explains how to enable SSL support for the components of an API Management setup.
This article assumes that you have API Gateway advanced edition of version 10.2 or later installed. Additionally you have a basic understanding of the following:
*API Gateway and its related components like the user interface (UI)
*API Gateway administration configurations
*Java security using keystore and truststore certificates
The following figure illustrates the full HTTPS configuration in an API Management setup.
For ensuring the security of the data being transferred between two components, you can implement one-way or two-way SSL/TLS. In an API Management setup two-way SSL/TLS can be implemented for secure communication between the following components:
*API Gateway server and client
*API Gateway server and Elasticsearch
*API Gateway UI and API Portal