API Gateway listens for requests on ports that you specify. Each port is associated with a specific type of protocol, HTTP or HTTPS. In addition to these port types, API Gateway also provides three ports; API Gateway external port, API Gateway internal listener port, and the WebSocket listener port.

You can specify one or more HTTP or HTTPS ports on which API Gateway and the deployed APIs are available for consumption. API Gateway, by default, is available on the primary HTTP port. The primary HTTP port is the port specified on the Integration Server's Security > Ports page.

If your API Gateway is behind an internal firewall and is not allowed to accept communications from external clients through the DMZ, then you can configure the API Gateway instance in DMZ with an external port to listen to requests from external clients and using reverse invoke route them to the internal servers. The API Gateway internal listener port or the WebSocket listener port pulls the requests from the registration port of API Gateway in DMZ thus safeguarding from any malicious attacks.

External clients send requests to API Gateway. API Gateway external port listens to this client information from each request and evaluates the request against any API Gateway rules that have been defined. It then passes requests that have not violated a rule to the API Gateway internal port or the WebSocket listener port . These listener ports process the requests and send the responses to API Gateway, which then passes the responses back to the client.