In what situations is it needed to encrypt the REST API HttpRequest at the client-side before sending it to the server and to encrypt the HttpResponse at the server before sending it to the client-side?
I read that HTTPS encrypts the data when data is in transit, so do we really need an extra layer of encryption on our own?
One difference I could notice that using additional encryption I will not be able to see the data in the original form in the Network tab of the browser. What is the significance of this from a security perspective?
Please consider the question for both mobile and web platforms.