Protecting your REST API

API Gateway provides a number of ways to protect your API from certain threats, like malicious users or spikes in traffic. You can protect your API using strategies like generating SSL certificates, configuring a web application firewall, setting throttling targets, and only allowing access to your API from a Virtual Private Cloud (VPC). In this section you can learn how to enable these capabilities using API Gateway.

Topics

Configuring mutual TLS authentication for a REST API
Generate and configure an SSL certificate for backend authentication
Using AWS WAF to protect your APIs
Throttle API requests for better throughput
Creating a private API in Amazon API Gateway

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Sell your APIs as SaaS

Mutual TLS