API Calls made from browsers using HTTPS can be prompted to choose a certificate to authenticate itself, even though the resource/policy itself does not use mutual SSL Authentication.  This can be confusing for some end users, unsure why a certificate choice is requested and which one should be selected.

All supported versions of the API Gateway

During SSL Handshake, prior to the policy being resolved, the client can be prompted for a certificate.  If the client is a browser and its keystore contains more than one certificate, then a dialog will be displayed asking the user to choose which certificate is applicable. 

From the Policy Manager, go to Tasks > Transports > Manage Listen Ports, select the SSL port in question, and navigate to the 'SSL/TLS Settings' Tab.  If Client Authentication is set to Optional or Required then during SSL handshake, a certificate will be requested, which might result in a dialog being displayed.  To stop this behavior, set the Client Authentication to None. 

If policies require certificate-based client authentication then setting the authentication to None will cause them to fail, consider running mutual authentication policies on a separate port.