UC has an API-led architecture with three tiers. Requirement: return data to systems of engagement (mobile, web, Salesforce) in different formats and enforce different security protocols. What should the architect recommend?
A. Implement an API Gateway that all systems of engagement must interface with first.
B. Enforce separate security protocols and return formats at the first tier of the API-led architecture.
In a standard API-led connectivity model, the First Tier (Experience APIs) is responsible for tailoring data for specific systems of engagement.
The Experience APIs take the core data from the lower tiers and transform it into the specific return formats (e.g., JSON for mobile, XML for legacy web) and security protocols (e.g., OAuth for Salesforce, API Keys for web) required by each consumer. Option B correctly identifies that these transformations and security enforcements should happen at this outer layer. While an API Gateway (Option A) can provide generic security and rate limiting, it is the Experience API layer that provides the functional transformation and specific protocol requirements defined by the business needs of the engagement systems.