There are two ways to secure the communication between APM Agents and the APM Server. Both options can be enabled at the same time, allowing Elastic APM agents to chose whichever mechanism they support.

As soon as secure communication is enabled, requests without a valid token or API key will be denied by APM Server. As RUM endpoints cannot be secured, they are exempt from this rule.