Protect your REST APIs in API Gateway

API Gateway provides a number of ways to protect your API from certain threats, like malicious users or spikes in traffic. You can protect your API using strategies like generating SSL certificates, configuring a web application firewall, setting throttling targets, and only allowing access to your API from a Virtual Private Cloud (VPC). In this section you can learn how to enable these capabilities using API Gateway.

Topics

How to turn on mutual TLS authentication for your REST APIs in API Gateway
Generate and configure an SSL certificate for backend authentication in API Gateway
Use AWS WAF to protect your REST APIs in API Gateway
Throttle requests to your REST APIs for better throughput in API Gateway
Private REST APIs in API Gateway

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Sell your APIs as SaaS

Mutual TLS