What API policy would LEAST likely be applied to a Process API?

What API policy would LEAST likely be applied to a Process API?
A . Custom circuit breaker
B . Client ID enforcement
C . Rate limiting
D . JSON threat protection

View Answer

Answer: D

Explanation:

Key to this question lies in the fact that Process API are not meant to be accessed directly by clients. Lets analyze options one by one. Client ID enforcement: This is applied at process API level generally to ensure that identity of API clients is always known and available for API-based analytics Rate Limiting: This policy is applied on Process Level API to secure API’s against degradation of service that can happen in case load received is more than it can handle Custom circuit breaker: This is also quite useful feature on process level API’s as it saves the API client the wasted time and effort of invoking a failing API. JSON threat protection: This policy is not required at Process API and rather implemented as Experience API’s. This policy is used to safeguard application from malicious attacks by injecting malicious code in JSON object. As ideally Process API’s are never called from external world, this policy is never used on Process API’s Hence correct answer is JSON threat protection MuleSoft Documentation Reference: https://docs.mulesoft.com/api-manager/2.x/policy-mule3-json-threat