Thanks for the explanation! I see the interest 
There are two parts in the Gladys Gateway:
The Websockets API
The websocket API, end-to-end encrypted, is a pass-through between your web client (plus.gladysassistant.com), and your local instance.
Any route available in Gladys is available in the websocket API, because the Gateway only transmits requests from one to the other, and the Gateway has no awareness of the routes called or what is transiting, the messages are entirely encrypted from your browser to your client.
The Open API REST for Owntracks
In order for us to use Owntracks very simply, I developed an Owntracks route that transfers the JSON body sent to the user’s Gladys instance.
As we do not control the code of the Owntracks client applications, this route is not end-to-end encrypted, it is encrypted in transit of course via HTTPS, but only between the mobile and the gateway, then encrypted between the Gateway and the Gladys instance. It’s a shame, but we don’t control the Owntracks code.
I have had requests like yours to have the possibility to have more, even all the Gladys routes available in Open API on the Gateway: it’s a real reflection and a real debate.
Developing routes that would be as easy to call as a classic API, without end-to-end encryption, I find it a shame… This would mean that as a maintainer of the Gladys Gateway, I would have full access to my users’ instances… is that what we want? I don’t think so!
My personal opinion
We need to find a way to make end-to-end encryption work via Tasker! I saw that Tasker allows executing JS code, so we could very well invoke the same encryption code as in the Gladys Plus JS client, it’s not very complicated! 
Sorry for the long post, but an explanation of this hybrid operation was needed, and I wanted to be precise in my answer 
What do you think?