diff --git a/cmd/tx-submit-api-mirror/main.go b/cmd/tx-submit-api-mirror/main.go
index 9a4ace0..c5961d3 100644
--- a/cmd/tx-submit-api-mirror/main.go
+++ b/cmd/tx-submit-api-mirror/main.go
@@ -71,11 +71,6 @@ func main() {
 	}
 
 	// Start API listener
-	logger.Infof(
-		"starting API listener on %s:%d",
-		cfg.Api.ListenAddress,
-		cfg.Api.ListenPort,
-	)
 	if err := api.Start(cfg); err != nil {
 		logger.Fatalf("failed to start API: %s", err)
 	}
diff --git a/internal/api/api.go b/internal/api/api.go
index 97373fe..5949240 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -35,6 +35,21 @@ import (
 )
 
 func Start(cfg *config.Config) error {
+	// Standard logging
+	logger := logging.GetLogger()
+	if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+		logger.Infof(
+			"starting API TLS listener on %s:%d",
+			cfg.Api.ListenAddress,
+			cfg.Api.ListenPort,
+		)
+	} else {
+		logger.Infof(
+			"starting API listener on %s:%d",
+			cfg.Api.ListenAddress,
+			cfg.Api.ListenPort,
+		)
+	}
 	// Disable gin debug output
 	gin.SetMode(gin.ReleaseMode)
 	gin.DisableConsoleColor()
@@ -52,11 +67,18 @@ func Start(cfg *config.Config) error {
 	router.GET("/healthcheck", handleHealthcheck)
 	router.POST("/api/submit/tx", handleSubmitTx)
 
-	// Start listener
-	err := router.Run(
-		fmt.Sprintf("%s:%d", cfg.Api.ListenAddress, cfg.Api.ListenPort),
-	)
-	return err
+	// Start API listener
+	if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+		return router.RunTLS(
+			fmt.Sprintf("%s:%d", cfg.Api.ListenAddress, cfg.Api.ListenPort),
+			cfg.Tls.CertFilePath,
+			cfg.Tls.KeyFilePath,
+		)
+	} else {
+		return router.Run(fmt.Sprintf("%s:%d",
+			cfg.Api.ListenAddress,
+			cfg.Api.ListenPort))
+	}
 }
 
 func handleHealthcheck(c *gin.Context) {
diff --git a/internal/config/config.go b/internal/config/config.go
index e79cf62..0828c87 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -25,6 +25,7 @@ import (
 type Config struct {
 	Logging  LoggingConfig `yaml:"logging"`
 	Api      ApiConfig     `yaml:"api"`
+	Tls     TlsConfig     `yaml:"tls"`
 	Backends []string      `yaml:"backends" envconfig:"BACKENDS"`
 }
 
@@ -38,6 +39,11 @@ type ApiConfig struct {
 	ClientTimeout uint   `yaml:"client_timeout" envconfig:"CLIENT_TIMEOUT"`
 }
 
+type TlsConfig struct {
+	CertFilePath string `yaml:"certFilePath" envconfig:"TLS_CERT_FILE_PATH"`
+	KeyFilePath  string `yaml:"keyFilePath"  envconfig:"TLS_KEY_FILE_PATH"`
+}
+
 // Singleton config instance with default values
 var globalConfig = &Config{
 	Logging: LoggingConfig{