It was found that the API server doesn't contain a secure port. Setting an secure port allows https communication. Without it, the communication will be unencrypted.
Recommended Mitigation
It is recommended to set '--secure-port' which is not zero in the configuration file.