Salesforce Updated MuleSoft-Integration-Architect-I Exam Questions and Answers by damon

To convey the necessary non-functional requirement (NFR) related to protecting backend services from a high rate of requests according to SLAs, the following steps should be taken:

Create a Shared RAML Fragment: Develop a RAML fragment that defines the NFR, including the SLAs for different subscription levels ("Gold", "Silver", "Platinum"). This fragment should include the details on rate limiting and throttling based on the new parameter added to the Accounts object.

Update API Specifications: Integrate the shared RAML fragment into each API specification. This ensures that the NFR is consistently applied across all relevant APIs.

Publish to Exchange: Publish the updated API specifications and the shared RAML fragment to Anypoint Exchange. This makes the NFR visible and accessible to all stakeholders and developers, ensuring compliance and implementation consistency.

This approach ensures that the NFR is clearly communicated and applied uniformly across all API implementations.

References

MuleSoft Documentation on RAML and API Specifications

Best Practices for API Design and Documentation

To conduct performance testing in a non-production environment where rate limits are enforced, the most cost-effective approach is:

C. Create a Mocking service that replicates the back-end system's production performance characteristics. Then configure the API implementation to use the mocking service and conduct the performance test.

Mocking Service: Develop a mock service that emulates the performance characteristics of the production back-end system. This service should mimic the response times, data formats, and any relevant behavior of the actual back-end system without imposing rate limits.

Configuration: Modify the API implementation to route requests to the mocking service instead of the actual back-end system. This ensures that the performance tests are not impacted by the rate limits imposed in the non-production environment.

Performance Testing: Conduct the performance tests using the API implementation configured with the mocking service. This approach allows you to assess the performance under expected production load conditions without being constrained by non-production rate limits.

This method ensures that performance testing is accurate and reflective of the production environment without additional costs or constraints due to rate limiting in staging environments.

Requirement Analysis: The security team requires any external API call to be restricted by an IP include list. This ensures that only specified IP addresses can access the third-party API.

Design Plan: To fulfill this requirement, implementing a proxy for the third-party API is the best approach. This proxy can enforce the IP include list policy.

Implementation Steps:

Create a Proxy API: Set up a new API proxy in Anypoint Platform to act as an intermediary for the third-party API.

Configure IP Include List Policy: Within the Anypoint API Manager, apply the IP whitelist policy to the proxy API. This policy will ensure that only requests from specified IP addresses are allowed to reach the third-party API.

Modify Main API Flow: Update the flow of your main API to call the newly created proxy API instead of directly calling the third-party API.

Testing: Conduct thorough testing to ensure that the proxy API correctly forwards requests to the third-party API only if the requests originate from IPs in the include list.

Advantages:

Security: This method ensures that only approved IPs can access the third-party API, adhering to the security team's requirements.

Manageability: Centralizes the IP restriction management within the API Manager, simplifying maintenance and updates.

References

MuleSoft Documentation on API Proxies

MuleSoft Documentation on IP Whitelist Policy