AWS Certified Developer – Associate — Question 302

A company is developing a publicly accessible single-page application. The application makes calls from a client web browser to backend services to provide a user interface to customers. The application depends on a third-party web service exposed as an HTTP API. The web client must provide an API key to the third-party web service by using the HTTP header as part of the HTTP request. The company’s API key must not be exposed to the users of the web application.

Which solution will meet these requirements MOST cost-effectively?

Answer options

• A. Use Amazon API Gateway to create a private REST API. Create an HTTP integration to integrate with the third-party HTTP API. Add the company’s API key to the HTTP headers list of the integration request configuration.
• B. Use Amazon API Gateway to create a private REST API. Create an AWS Lambda proxy integration. Make calls to the third-party HTTP API from the Lambda function. Pass the company's API key as an HTTP request header.
• C. Use Amazon API Gateway to create a REST API. Create an HTTP integration to integrate with the third-party HTTP API. Add the company’s API key to the HTTP headers list of the integration request configuration.
• D. Use Amazon API Gateway to create a REST API. Create an AWS Lambda proxy integration. Make calls to the third-party HTTP API from the Lambda function. Pass the company’s API key as an HTTP request header.

Correct answer: C

Explanation

A public REST API is required because the single-page application is publicly accessible from client browsers, ruling out private REST APIs (Options A and B). Using a direct HTTP integration in Amazon API Gateway (Option C) is more cost-effective and has lower latency than using an AWS Lambda proxy integration (Option D), as it avoids the additional execution costs of running a Lambda function just to append a header.