The message transmission security is guaranteed with message signing, signature validation, and message encryption.
The following diagram illustrates the end-to-end message transmission flow with security considered.
Figure 1. Message transmission flow
Message signing and signature validation are required for all requests and responses.
Message encryption and decryption is optional based on your requirements. If there is sensitive information, such as a password or certificate, enclosed in a message, it is strongly recommended to encrypt the message.
If encryption is adopted, encrypt the message body before it's signed.