In this second post, we expand on the solution from the previous post. We’ll deploy API Management inside a virtual network, positioning it behind an application gateway. We’ll configure the application gateway with an mTLS listener to validate client certificates and forward them to API Management for further processing. This approach can also be used with other types of backends, such as an ASP.NET Web API.