Learn the most cost-effective approach to integrate a third-party HTTP API with Amazon API Gateway while keeping your API key secure and hidden from web application users.
Table of Contents
Question
A company is developing a publicly accessible single-page application. The application makes calls from a client web browser to backend services to provide a user interface to customers. The application depends on a third-party web service exposed as an HTTP API. The web client must provide an API key to the third-party web service by using the HTTP header as part of the HTTP request. The company’s API key must not be exposed to the users of the web application.
Which solution will meet these requirements MOST cost-effectively?
A. Use Amazon API Gateway to create a private REST API. Create an HTTP integration to integrate with the third-party HTTP API. Add the company’s API key to the HTTP headers list of the integration request configuration.
B. Use Amazon API Gateway to create a private REST API. Create an AWS Lambda proxy integration. Make calls to the third-party HTTP API from the Lambda function. Pass the company’s API key as an HTTP request header.
C. Use Amazon API Gateway to create a REST API. Create an HTTP integration to integrate with the third-party HTTP API. Add the company’s API key to the HTTP headers list of the integration request configuration.
D. Use Amazon API Gateway to create a REST API. Create an AWS Lambda proxy integration. Make calls to the third-party HTTP API from the Lambda function. Pass the company’s API key as an HTTP request header.
Answer
The most cost-effective solution that meets the requirements is:
D. Use Amazon API Gateway to create a REST API. Create an AWS Lambda proxy integration. Make calls to the third-party HTTP API from the Lambda function. Pass the company’s API key as an HTTP request header.
Explanation
Creating a public REST API with Amazon API Gateway allows the single-page application to securely access the backend services. By using an AWS Lambda proxy integration, you can execute custom logic in the Lambda function to make calls to the third-party HTTP API. This approach enables you to include the company’s API key in the request headers within the Lambda function code, keeping it hidden from the web application users.
Using a Lambda proxy integration is more cost-effective compared to an HTTP integration because it allows you to combine multiple backend calls or perform additional processing if needed, without incurring extra API Gateway costs for each request.
While both options A and C use an HTTP integration, they expose the API key in the API Gateway configuration, making it accessible to users inspecting the web application’s network requests. Option B is not ideal because it creates a private API, which is not necessary for a publicly accessible application and may incur additional costs.
Therefore, option D provides the most secure and cost-effective solution by keeping the API key hidden within the Lambda function and allowing flexibility for additional processing if required.
Amazon AWS Certified Developer – Associate DVA-C02 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Developer – Associate DVA-C02 exam and earn Amazon AWS Certified Developer – Associate DVA-C02 certification.