Skip to content

Publish APIs through HTTPS connections#

Security · API Management · Rule · 2020_06 · Important

Enforce HTTPS for communication to API clients.


When an client connects to API Management it can use HTTP or HTTPS. Each API can be configured to accept connection for HTTP and/ or HTTPS. When using HTTP, sensitive information may be exposed to an untrusted party.


Consider setting the each API to only accept HTTPS connections. In the portal, this is done by configuring the HTTPS URL scheme.