Skip to content

Publish APIs through HTTPS connections#

Security · API Management · Rule · 2020_06 · Important

Enforce HTTPS for communication to API clients.

Description#

When an client connects to API Management it can use HTTP or HTTPS. Each API can be configured to accept connection for HTTP and/ or HTTPS. When using HTTP, sensitive information may be exposed to an untrusted party.

Recommendation#

Consider setting the each API to only accept HTTPS connections. In the portal, this is done by configuring the HTTPS URL scheme.

Comments