Securing how the API traffic is transported to and from your API is important for keeping the data away from prying eyes. For example, if your API allows unencrypted traffic, otherwise well-rounded security can be rendered useless when  requests and responses are transmitted in the open. Anyone listening to the network traffic while the calls are being made may intercept them and use the gained information to circumvent your other security measures.