Your company is using Amazon API Gateway to expose its APIs to external clients. To ensure the confidentiality and integrity of data in transit between the clients and the backend services, which of the following steps should you take?