# Managing Mobile App Communication and External API Access Control via Secure Gateway Server (SGS) The Secure Gateway Server (SGS) acts as an intermediary to secure the connection between the Central server and its roaming users, preventing direct exposure of the product server to the internet. This guide outlines the steps to manage access control for Mobile App Communication and External API access via Secure Gateway Server. ## Mobile App Communication The mobile app supports managing Windows, Mac, and Linux computers, giving you full control over your IT infrastructure right from your mobile device. It allows you to perform tasks such as installing agents on new computers, retiring computers from the network, deploying patches, and more. To know more, visit these links below: - [Endpoint Central Mobile App | ManageEngine](https://www.manageengine.com/products/desktop-central/desktop-management-mobile-app.html) - [Mobile app for UEM Central | ManageEngine Endpoint Central](https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/configuring_mobile_app.html) ## External API Access External APIs (Application Programming Interfaces) are interfaces that allow different software systems to communicate and interact with each other over the internet or a network. These APIs are typically provided by external services or platforms to allow third-party applications to access specific functionality or data. To know more, visit the link below: - [ManageEngine Endpoint Central API](https://www.manageengine.com/products/desktop-central/api/) ## When do you enable the Mobile App Communication or External API Access settings via Secure Gateway Server? 1. **When managing the server via the mobile app from outside the network:** If you need to manage the Central server using a mobile app while not connected to your organization's internal network (e.g., over the internet), the app must go through the Secure Gateway Server (SGS). To do this, enable the Mobile App Communication settings. 2. **When third-party applications are integrated with Central Server:** For third-party applications integrated with Central Server via the internet (outside the organization's internal network) using a Fully Qualified Domain Name (FQDN) specified in the NAT settings, the connection will go through the Secure Gateway Server. To do this, enable the External API Access settings. **Note:** Disabling settings for the Mobile App communication or External API access through Secure Gateway Server disables the access via Secure Gateway Server. However, access through the internal server will remain active. ## How to Enable/Disable Mobile App Communication or External API Access - Log in to the **Central Server** web console and navigate to **NAT Settings** > **Secure Gateway Server**. - Once the Secure Gateway Server page loads, navigate to the **Advanced Settings** option. - To modify the settings, enable or disable the checkbox to allow Mobile App communication through Secure Gateway Server. ![enabling-mobile-app-communication](https://www.manageengine.com/products/desktop-central/help/images/sgs-mob-3.png) - Similar to Mobile App Communication, enable or disable **External API Access** to control access. ![enabling-external-api-access](https://www.manageengine.com/products/desktop-central/help/images/sgs-mob-4.png) If you encounter any issues or need further assistance, please contact [support](https://www.manageengine.com/products/desktop-central/request-support.html).