Salesforce Certified Heroku Architecture Designer — Question 20

A client is creating a new API application. The app should only be accessible from other apps that they deploy to Heroku. Also, traffic between the other apps and the API should not transit the public internet.
Which solution should an Architect recommend to meet these requirements?

Answer options

• A. Create the application in a Private Space with default options.
• B. Create the application in a Private Space and restrict the application's set of trusted IP ranges.
• C. Create the application with Internal Routing enabled, in a Private Space.
• D. Create the application in a Shield Private Space to enforce stricter requirements for TLS termination.

Correct answer: B

Explanation

Option B is correct because it allows the application to reside in a Private Space while restricting access to specific trusted IP ranges, ensuring that only designated Heroku apps can connect without exposing traffic to the public internet. Option A does not provide IP range restrictions, while Option C focuses on Internal Routing, which is not necessary here. Option D adds unnecessary complexity with Shield Private Space and stricter TLS requirements, which are not required for this scenario.