AWS Certified Developer – Associate — Question 296

A company is developing a publicly accessible single-page application. The application makes calls from a client web browser to backend services to provide a user interface to customers. The application depends on a third-party web service exposed as an HTTP API. The web client must provide an API key to the third-party web service by using the HTTP header as part of the HTTP request. The company’s API key must not be exposed to the users of the web application.

Which solution will meet these requirements MOST cost-effectively?

Answer options

• A. For each integration, configure a mapping template for Content-Type text/json that transforms the incoming request by using Velocity Template Language (VTL).
• B. For each integration, configure a mapping template for Content-Type text/json that transforms the incoming request by using Embedded JavaScript (EJS).
• C. For each integration, configure a mapping template for Content-Type application/json that transforms the incoming request by using Velocity Template Language (VTL).
• D. For each integration, configure a mapping template for Content-Type application/json that transforms the incoming request by using Embedded JavaScript (EJS).

Correct answer: C

Explanation

Amazon API Gateway natively supports Velocity Template Language (VTL) for request and response mapping templates, allowing the secure injection of API keys into integration requests without needing custom compute resources like AWS Lambda. The standard MIME type for JSON payloads is application/json, which makes option C the correct configuration. Embedded JavaScript (EJS) is not supported by API Gateway for mapping templates, and text/json is not the standard media type for JSON data.