Northern Trail Outfitters needs to secure an integration with an external Microsoft Azure API Gateway. Which integration security mechanism should be employed?
A. Use an API-only user profile and implement an external identity provider with federated API access.
B. Configure mutual server authentication with two way SSL using certification authority (CA) signed certificates. (Most Voted)
C. Configure a connected app with an authorization endpoint of the API Gateway and configure OAuth settings.
D. Implement Salesforce Shield with Encryption at Rest and generate a tenant secret.
Explanation:
Two-way SSL (Mutual TLS) is a widely accepted security mechanism for securing API integrations with external systems, especially when integrating with Microsoft Azure API Gateway or other cloud services.
Mutual authentication ensures that both Salesforce and the external API Gateway verify each other’s identities before allowing data exchange.
CA-signed certificates provide additional security by ensuring that only authorized entities communicate with the API Gateway.
Why NOT C?
OAuth is great for authentication and token-based access but does not provide the same level of security as mutual TLS (mTLS) for API-to-API communications.
OAuth would be more relevant for user-level authentication, while mTLS is better for securing system-level API calls.
The way the question is formulated is ambiguous, but based on "an integration with an external Microsoft Azure API Gateway" it reads as though this is for outbound flows (SF to API GW), in which case a Connected App is not applicable.
Big_Fella (6 days, 9 hours ago)
Paul421 (4 months ago)
Alf8 (5 months, 3 weeks ago)
u39403918 (7 months, 3 weeks ago)
deusexmorte (8 months ago)