Your API should always be behind a reverse proxy (e.g. nginx) which will almost always have compression enabled. Not sure enabling compression at the API level is necessary.

Nginx does not enable it by default.

I don’t know about other distributions, but on Debian the nginx package does have a default configuration with “gzip on” set.

Yes, indeed. And accept at least gzip compression on the client side!

https://www.earth.org.uk/RSS-efficiency.html

Isn’t https compression a no-go due to BREACH and CRIME?

No. That was to do with manipulating header content to break cyphers.

Compressable bodies that cannot be influenced by a counterparty should be compressed.