Since mutual TLS is possible in both Azure API Gateway and Azure App Gateway .
In App Gateway I see the client certificate ( containing root CA ) cannot be fetched from Azure Key vault but the Azure API Gateway we have integration of Client Certificate ( with root CA ) can be fetched from Azure Key vault.
Is there a difference in the nature of the client certificate in both cases ? ( like the API Gateway we have the public + private but in case of App Gateway its only Public ? )
If we need mutual Auth then can be just directly use API Gateway and we need not to have a App Gateway infront of it ?