What API policy would LEAST likely be applied to a Process API?
A Process API is designed to orchestrate and integrate various systems and services. It is usually not exposed directly to external consumers, making security policies such as JSON threat protection less critical. JSON threat protection is more relevant for Experience APIs, which are exposed directly to end-users and need to handle potential threats from various sources. Custom circuit breakers, client ID enforcement, and rate limiting are more relevant for maintaining the reliability and scalability of the Process API.
D. JSON threat protection
And why not C (Rate Limiting)? Since we are talking about a Process API that can be consumed by several Experience APIs and even other Process APIs, I believe we don't want to reject any request if a certain limit is achieved. In summary, from my point of view, a Process API should always be available and not have limited access.
You can have SLA-based rate limiting or set priorities among different Experience APIs. Also, rate limiting might be based on the performance of System APIs or back-end systems.
Should be D. JSON threat protection is usually needed for Experience APIs.
then that is why A is the LEAST needed
Yes, the answer should be D, as JSON threat protection is usually needed on Exp APIs and can be ranked least on Process APIs.
Answer should be D; option A doesn't even exist in Policy.
There is no hard and fast rule to apply a fixed policy to a fixed layer of API in the API-led connectivity approach. It totally depends on your organization and the consumers of the Experience APIs. But yes, there are a couple of recommendations given by the MuleSoft team. Let me cite them for you.
For Exp API: IP Whitelisting; TLS Mutual (Either through DLB); SLA Based Policy, i.e. Rate Limiting; XML/JSON Threat protection; Client Id Enforcement; OAuth based Policy; JWT based.
For Process API: SLA Based Rate Limiting to apply Quality of Service for the selected tier; IP Whitelisting; Rate Limiting; Spike Control.
If you are directly exposing the Process API to consumers, you can go ahead with the same policies as for the Experience API. Answer D
D. JSON threat protection
Answer: D