API Proxy is making HTTPS connections from both ends. Is data safe in between? If API Edge gets compromised, is data safe in between? We have to make sure that data is secured end-to-end. Do we need to perform end-to-end encryption to be safe?
1 Like
In both Public and Private Cloud, you are able to protect the data on the critical path Client > Router, Router to Message Processor, and Message Processor to Backend system using TLS.
If you are using Private Cloud, you can see relevant documentation on Edge Operations Guide:
[http://docs.apigee.com/private-cloud/latest/configuring-ssl-edge-premises](http://docs.apigee.com/private-cloud/latest/configuring-ssl-edge-premises)
You may also want to take a look at Virtual Host and Target Server documentation:
Virtual Host:
[http://docs.apigee.com/api-services/content/virtual-hosts](http://docs.apigee.com/api-services/content/virtual-hosts)
Target Server:
[http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_name%7D/targetservers](http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/environments/%7Benv_name%7D/targetservers)