Documentation on limiting API traffic to internal-only?

Hi,

Not by default. It would depend on how your Node app is running. Most will have http.createServer (in some kind of app.js or equivalent) and so will use http, likely on 3000 or 8080.

If you want https internally you could try changing that to https.createServer … and so would need to provide that with a key and cert in its options. See e.g HTTPS | Node.js v21.2.0 Documentation.

Do you need to do that? I’d say no since …