You should really protect your aptly API with at least basic authentication. This is easy to achive with a reverse proxy webserver like nginx or Apache. As you are going to transfer credentials then, you should also protect the whole thing with SSL.

nginx

Example snippet (most of this is misc. nginx and ssl setup, interesting bits tagged with ###):

server {
	listen 80;
	server_name your.repo.org ;
	
	### rewrite all non https traffic
	location /api/ {
		rewrite ^/(.*)$ https://$server_name$request_uri permanent;  # enforce https
	}
	root /nowhere;
}
server {
	server_name your.repo.org;
	ssl on;
	listen 443 ssl http2;
	ssl_certificate /etc/letsencrypt/live/repo.org/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/repo.org/privkey.pem;
	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
	ssl_prefer_server_ciphers on;
	root /nowhere;
	location ~ /\.ht {
		deny all;
	}
	### protect /api with basic auth
	location /api/ {
		client_max_body_size 100M;
		auth_basic "Restricted";
		auth_basic_user_file /etc/nginx/.htpasswd.aptly;
		proxy_redirect	off;
		proxy_pass	http://localhost:8080/api/;
		proxy_redirect	http://localhost:8080/api/ /api;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $http_host;
		proxy_set_header Origin "";
	}
}

You can create a .htpasswd file using

apt-get install apache2-utils -y
htpasswd -c /etc/nginx/.htpasswd.aptly repo-api
chmod o-rw /etc/nginx/.htpasswd.aptly
chown www-data: /etc/nginx/.htpasswd.aptly