I have an API which sends some sensitive information to the client.
I need to encrypt outgoing response data using the API Manager. How can I encrypt the outgoing response data?
How to encrypt response payload?
Encrypting payload is not supported out-of-the-box. As mentioned by @ycr, it has to be implemented as a custom mediator and then applied to the Out Sequence. However, while this is possible, we are not recommending this method because using a custom payload encrypter would impact API Manager performance and add considerable overhead to the overall performance.
Refer to this documentation[1] for further information about writing a custom handler.
A side note - if you are using the HTTPS protocol in the transport layer, the message payload has already been encrypted throughout the communication. Therefore message interception by a third party would not be possible in that scenario.
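An added sketch of the custom class mediator the answer refers to (not part of the original answer and not WSO2's own code): it swaps a JSON response body for an AES-256-GCM envelope using the Synapse `AbstractMediator` and `JsonUtil` APIs. The class name, the `RESPONSE_ENC_KEY_B64` environment variable and the `iv`/`ct` envelope fields are assumptions made for illustration, and the client is assumed to hold the same key.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.synapse.MessageContext;
import org.apache.synapse.commons.json.JsonUtil;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.mediators.AbstractMediator;

// Hypothetical class mediator: replaces a JSON response body with an AES-256-GCM envelope.
public class ResponseEncryptMediator extends AbstractMediator {
    private static final SecureRandom RNG = new SecureRandom();
    // Assumption: 32-byte key, base64-encoded, supplied in a hypothetical env variable.
    // The class fails to load if the variable is unset, so no response leaves unencrypted.
    private static final byte[] KEY =
            Base64.getDecoder().decode(System.getenv("RESPONSE_ENC_KEY_B64"));

    // Pure-JDK helper: returns {"iv":"...","ct":"..."}; ct carries the 16-byte GCM tag.
    static String seal(byte[] key, String plaintext) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh nonce per message; never reuse one with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder b64 = Base64.getEncoder();
        return "{\"iv\":\"" + b64.encodeToString(iv) + "\",\"ct\":\"" + b64.encodeToString(ct) + "\"}";
    }

    @Override
    public boolean mediate(MessageContext synCtx) {
        org.apache.axis2.context.MessageContext axis2Ctx =
                ((Axis2MessageContext) synCtx).getAxis2MessageContext();
        if (!JsonUtil.hasAJsonPayload(axis2Ctx)) {
            return true; // nothing to encrypt (non-JSON or empty body)
        }
        try {
            String body = JsonUtil.jsonPayloadToString(axis2Ctx);
            // Replace the existing payload with the encrypted envelope.
            JsonUtil.getNewJsonPayload(axis2Ctx, seal(KEY, body), true, true);
            return true;
        } catch (Exception e) {
            // Fail closed: abort mediation rather than return the plaintext body.
            handleException("Response encryption failed", e, synCtx);
            return false;
        }
    }
}
```

Such a class is typically packaged as a JAR and referenced from the Out Sequence with a `<class name="..."/>` mediator element. The per-response buffering and cipher work shown here is the overhead the answer warns about.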