What API policy would LEAST likely be applied to a Process API?

What API policy would LEAST likely be applied to a Process API?
A . Custom circuit breaker
B . Client ID enforcement
C . Rate limiting
D . JSON threat protection

View Answer

Answer: D

Explanation:

Correct Answer. JSON threat protection

*****************************************

Fact: Technically, there are no restrictions on what policy can be applied in what layer. Any policy can be applied on any layer API. However, context should also be considered properly before blindly applying the policies on APIs.

That is why, this question asked for a policy that would LEAST likely be applied to a Process API.

From the given options:

>> All policies except "JSON threat protection" can be applied without hesitation to the APIs in Process tier.

>> JSON threat protection policy ideally fits for experience APIs to prevent suspicious JSON payload coming from external API clients. This covers more of a security aspect by trying to avoid possibly malicious and harmful JSON payloads from external clients calling experience APIs.

As external API clients are NEVER allowed to call Process APIs directly and also these kind of malicious and harmful JSON payloads are always stopped at experience API layer only using this policy, it is LEAST LIKELY that this same policy is again applied on Process

Layer API.

Reference: https://docs.mulesoft.com/api-manager/2.x/policy-mule3-provided-policies