Backend protocol HTTPS vs HTTP
Your target API server should allow access only via SSL (HTTPS vs. HTTP) so that
all traffic in and out is encrypted.
For this, you need to obtain a certificate and private key from a Certificate Authority (CA) such as Comodo. This key and certificate need to be installed and configured into the engine (IIS, Tomcat, and so on) that is hosting your API. The instructions for doing this are beyond the scope of this guide.