Depends. Do you trust the cert chain up to the root? If you do, then it is safe to turn it off and it'll speed things up a little. However, that also means that if somebody somewhere along the way injects a bogus cert in the chain (not sure how they'd actually do that on APIM though) then you'd never know. Personally, I think you should figure out why the higher-level cert(s) isn't/aren't valid. Did somebody use the wrong one? Have you been hacked? Disabling validation chains should be a last resort and only perhaps in sandbox/test environments where you're dealing with non-sensitive data.
You definitely don't want to use HTTP in your APIs (or websites either). The docs say this can be either http or https, so you should be using https. Otherwise the cert validation isn't useful.