# Protect your REST APIs in API Gateway
<a name="rest-api-protect"></a>

API Gateway provides a number of ways to protect your API from certain threats, like malicious users or spikes in traffic. You can protect your API using strategies like generating SSL certificates, configuring a web application firewall, setting throttling targets, and only allowing access to your API from a Virtual Private Cloud (VPC). In this section you can learn how to enable these capabilities using API Gateway.

**Topics**
+ [How to turn on mutual TLS authentication for your REST APIs in API Gateway](rest-api-mutual-tls.md)
+ [Generate and configure an SSL certificate for backend authentication in API Gateway](getting-started-client-side-ssl-authentication.md)
+ [Use AWS WAF to protect your REST APIs in API Gateway](apigateway-control-access-aws-waf.md)
+ [Throttle requests to your REST APIs for better throughput in API Gateway](api-gateway-request-throttling.md)
+ [Private REST APIs in API Gateway](apigateway-private-apis.md)