If the API portal is hosted within the intranet, is it a good practice or a standard to utilize a proxy server like Apache hosted on the DMZ to front all the externally generated traffic to the portal ?
In such a case, would the Proxy server primarily just enable reverse proxying or is it used to terminate SSL (we could terminate the traffic at the Load balancer, so not sure if this feature is necessary) and take up other roles such as authenticating the user and passing on a token to portal ?