Salesforce Integration-Architect Salesforce Certified Integration Architect (SP23) Exam Practice Test

The correct answer is C, Request-Reply: Enhanced External Services invokes a REST API. This is because Enhanced External Services allows you to register an external web service that has an OpenAPI 2.0 specification and use it as an invocable action in a Lightning flow. This way, you can check the preferences from the external service in real-time and get the response in Boolean and string values. The other options are not suitable for this scenario because:

• A, Fire and Forget: Process-driven platform events publishes events on Salesforce Event Bus, is a pattern that is used for asynchronous integration, where the sender does not expect a response from the receiver. This is not suitable for checking preferences in real-time.
• B, Remote Call-In: Salesforce REST API with REST Composite Resources, is a pattern that is used for integrating external applications with Salesforce by calling the Salesforce REST API. This is not suitable for invoking an external service from a Lightning flow.
• D, Data Virtualization: Salesforce Connect map data external REST data in external objects, is a pattern that is used for accessing external data without copying or synchronizing it to Salesforce. This is not suitable for checking preferences in real-time or using them in a Lightning flow.

References:

• Enhanced External Services
• Get Started with External Services
• Registering external services in salesforce

• Option A is correct because external gateway products in use can affect the performance and security of outbound integrations from Salesforce to on-premise servers. External gateway products are software or hardware devices that act as intermediaries between Salesforce and the on-premise servers, such as firewalls, proxies, load balancers, or VPNs. They can have different configurations, features, and limitations that can impact the speed, reliability, and security of the data transmission. For example, some external gateway products may require authentication, encryption, or compression of the data, which can add overhead and latency to the integration. Some external gateway products may also have bandwidth or throughput limits, which can affect the scalability and availability of the integration. Therefore, the architect should consider the external gateway products in use before recommending a solution.
• Option B is incorrect because a default gateway restriction is not a factor that can affect the performance and security of outbound integrations from Salesforce to on-premise servers. A default gateway restriction is a feature that allows administrators to restrict outbound requests from Salesforce to a specific IP address or domain name. This can help prevent unauthorized or malicious requests from Salesforce to external systems. However, this feature does not affect the performance or security of the outbound requests themselves, as it only acts as a filter for the destination of the requests.
• Option C is incorrect because considerations for using deterministic encryption are not relevant for outbound integrations from Salesforce to on-premise servers. Deterministic encryption is a type of encryption that produces the same ciphertext for the same plaintext input. This can help preserve some functionality and performance of encrypted data in Salesforce, such as filtering, sorting, and indexing. However, deterministic encryption is not applicable for outbound integrations from Salesforce to on-premise servers, as it is only supported for custom fields and not for standard fields or attachments. Moreover, deterministic encryption does not affect the security of the data transmission itself, as it only encrypts the data at rest in Salesforce.
• Option D is incorrect because Shield Platform Encryption limitations are not relevant for outbound integrations from Salesforce to on-premise servers. Shield Platform Encryption is a feature that allows administrators to encrypt sensitive data at rest in Salesforce using AES 256-bit encryption. This can help protect data from unauthorized access or theft. However, Shield Platform Encryption limitations are not relevant for outbound integrations from Salesforce to on-premise servers, as they only affect the functionality and performance of encrypted data in Salesforce, such as searching, reporting, or validation rules. Shield Platform Encryption does not affect the security of the data transmission itself, as it only encrypts the data at rest in Salesforce.

References: Salesforce Integration Patterns and Practices : Salesforce Integration Guide : Restrict Outbound Requests with a Default Gateway : Deterministic Encryption : Shield Platform Encryption Considerations : Shield Platform Encryption : Shield Platform Encryption Architecture

Handle verification process error in the Verification Webservice API in case there is a connection issue to the Webservice or if it responds with an error. This solution ensures that the agent can see an error message when the credit verification process failed, and take appropriate actions. The Verification Webservice API can implement error handling logic to catch any exceptions or errors that occur during the callout to the external agencies, and return a meaningful error message to the agent. The agent can then retry the verification process, or escalate the issue to a supervisor. References: Certification - Integration Architect - Trailhead, [Apex Web Services and Callouts]

 These are three considerations that an Integration Architect should consider when recommending Platform Event as an Integration solution. Platform Events are a type of event-driven architecture that allows you to publish and subscribe to custom events in Salesforce and external systems. Platform Events have some limitations and features that an Integration Architect should be aware of, such as:

• Inability to query event messages using SOQL. Platform Events are not stored in Salesforce database, but in an event bus that retains them for 24 hours. You cannot use SOQL to query event messages, but you can use the EventLogFile object or the Event Monitoring feature to access them.
• Inability to create a Lightning record page for platform events. Platform Events are not standard or custom objects, but a special type of sObject that can be inserted into the event bus. You cannot create a Lightning record page for platform events, but you can use Apex triggers, Lightning web components, or CometD clients to subscribe to them.
• When you delete an event definition, it’s permanently removed and can’t be restored. An event definition is a metadata type that defines the schema and properties of a platform event message. You can create or modify event definitions in Salesforce Setup or using Metadata API. However, if you delete an event definition, it’s permanently removed from your org and can’t be restored. You also lose access to any event messages that use that event definition.

References: Certification - Integration Architect - Trailhead, [Platform Events Developer Guide]

 Configuring Identity Type, Certificate, and CSRF Protection for OData connection are three configurations that an Integration Architect should recommend to secure requests coming from Salesforce. Identity Type is used to specify the authentication method for the OData connection, such as Basic Authentication, OAuth 2.0, or Named Principal. Certificate is used to enable SSL/TLS encryption for the OData connection, which protects the data in transit from eavesdropping or tampering. CSRF Protection is used to prevent cross-site request forgery attacks, which exploit the trust between the user and Salesforce by sending malicious requests from another website. Configuring Special Compatibility for OData connection is not a configuration that is related to security, but rather to compatibility issues with different versions or implementations of OData. Configuring CSRF Protection on External Data Source is not a configuration that can be done in Salesforce, but rather on the external data source itself. Reference: Salesforce Connect: Custom Adapters Developer Guide, page 9-10

Platform Events are a type of event-driven architecture that allows you to publish and subscribe to events in Salesforce and external systems. To subscribe to an event, the integration user in Salesforce needs read access to the event entity, which defines the schema and properties of the event message. To publish an event, the integration user in Salesforce needs create permission on the event entity, which is a special type of sObject that can be inserted into the platform event queue. Error handling must be performed by the remote service because the event is effectively handed off to the remote system for further processing. Salesforce does not guarantee the delivery or acknowledgment of the event by the external system. The external system should implement its own logic to handle errors, such as retrying failed events, logging errors, or sending notifications. References: Certification - Integration Architect - Trailhead, [Platform Events Developer Guide]

The recommended solution is to use a time-based workflow rule. A time-based workflow rule is a type of workflow rule that executes actions at a specific time, such as a certain number of days before or after a record field value. By using a time-based workflow rule, you can send an email alert to the contacts of the accounts that do not qualify for a business extension for the next month, and include a meeting invite in the email. This solution can handle large volumes of data and does not require any custom code. Using batch Apex, process builder, or trigger is not a recommended solution because they are more complex and require custom code or configuration. Batch Apex is a way to run large-scale and long-running jobs that operate on many records. Process builder is a tool that lets you automate business processes by creating a process with criteria and actions. Trigger is a type of Apex code that executes before or after database operations, such as insert, update, delete, or undelete.

The integration consultant should consider the following authorization and authentication needs while integrating the DMS and ESB with Salesforce:

• Users should be authorized to view information specific to the customer they are servicing without a need to search for customer. This means that the integration should provide a seamless and contextual access to the customer billing information and generated bills from the DMS and ESB, based on the customer record or case that the user is working on in Salesforce.
• Consider Enterprise security needs for access to DMS and ESB. This means that the integration should comply with the security policies and standards of the Enterprise, such as encryption, auditing, logging, monitoring, etc.
• Users should be authenticated into DMS and ESB without having to enter username and password. This means that the integration should use a single sign-on (SSO) mechanism that allows users to access multiple systems with one login credential, such as OAuth or SAML.

References: [Authorization Through Connected Apps and OAuth 2.0], [Single Sign-On for Desktop and Mobile Applications using SAML and OAuth]

SObject Collections is a REST API composite resource that allows you to create, update, or delete up to 200 records in one API call. You can specify the type of operation (create, update, or delete) for each record in the request body, and the response body will contain the status and IDs of each record. SObject Collections is suitable for bulk operations on records that are not related to each other1.

SObject Tree is another REST API composite resource that allows you to create up to 200 records in one API call. However, unlike SObject Collections, SObject Tree requires the records to be related to each other in a hierarchy. You can specify the parent and child records in a JSON tree structure, and the response body will contain the reference IDs and URLs of each record. SObject Tree is suitable for creating nested data in one request2.

Batch is a REST API composite resource that allows you to combine up to 25 requests in one API call. Each request can be a different type of operation (query, create, update, delete, etc.) on different objects. The response body will contain the status and results of each request. Batch is suitable for grouping multiple requests into one transaction3.

Composite is a REST API composite resource that allows you to execute a series of REST API requests in one API call. You can use the output of one request as the input of another request using a reference ID. The response body will contain the status and results of each request. Composite is suitable for chaining requests that depend on each other.

Therefore, the correct answer is A, because SObject Collections is the only REST API composite resource that allows bulk updates on records that are not related to each other.

References: 1: SObject Collections | REST API Developer Guide | Salesforce Developers 2: SObject Tree | REST API Developer Guide | Salesforce Developers 3: Batch | REST API Developer Guide | Salesforce Developers : [Composite | REST API Developer Guide | Salesforce Developers]

 Make a callout to the payment gateway through ESB supporting error handling and logging for audit purposes. This solution meets the requirements of integrating with an external RESTful service, ensuring real-time updates to the CSR, and supporting post payment processes. ESB stands for Enterprise Service Bus, which is a software architecture model that allows communication between different applications via a common bus. ESB can handle the callout to the payment gateway service, and provide error handling, logging, routing, transformation, and orchestration capabilities. ESB can also integrate with other systems or services that are involved in the post payment processes, such as billing, invoicing, or reporting. References: Certification - Integration Architect - Trailhead, [Enterprise Integration Patterns]

Option B is a correct finding, because it means that the company can use their cloud-based ETL tools to extract data from the legacy systems via the APIs exposed by the on-premise middleware, transform the data as needed, and load the data into Salesforce using queues. Queues are a way of managing asynchronous operations, such as bulk data loading, by placing them in a queue and executing them when resources are available1.

Option C is also a correct finding, because it means that the company can expose their legacy data to the cloud via their on-premise middleware APIs. APIs are a way of enabling communication and data exchange between different systems using standard protocols and formats2. By providing APIs to access their legacy data, the company can use any cloud-based tool or application that can consume those APIs to retrieve and manipulate the data.

Option A is not a correct finding, because it means that the company cannot access their legacy data from the cloud, which prevents them from using their cloud-based ETL tools or any other cloud-based integration solution. If only on-premise systems are allowed to access the legacy systems, then the company would need to use an on-premise integration tool or application to copy the data to Salesforce.

Option D is not a correct finding, because it does not affect the ability to copy legacy data in Salesforce. Queues are useful for on-premise integration, but they are not necessary for copying data to Salesforce. The company can use other methods, such as direct API calls or batch processes, to load data into Salesforce without using queues.

References: 1: Queueable Apex | Apex Developer Guide | Salesforce Developers 2: API Basics | SOAP API Developer Guide | Salesforce Developers

Streaming API is the best option for sending real-time notifications of changes to Salesforce data. Streaming API uses a publish-subscribe model to push relevant data to subscribers without polling. Streaming API supports PushTopic events, which are based on SOQL queries that define the data changes to listen for. The affiliate company can subscribe to a PushTopic event on the NTO Salesforce org and receive notifications whenever the data that matches the query changes. This way, the affiliate company can be informed of any updates to the opportunities in the NTO Salesforce instance.

The integration consultant should implement monitoring by identifying critical business processes and establishing automation to monitor performance against established benchmarks. This approach can help detect and diagnose any degradation in Salesforce performance, such as slow response time, high error rate, or low availability. The automation can use various tools and methods, such as platform events, event monitoring, health check, or third-party monitoring services123

References: Proactive Monitoring - Salesforce.com, 17 Free Ways to Monitor Your Salesforce Org | Salesforce Ben, Measure Lightning Experience Performance and Experienced … - Trailhead

Using request and reply is the recommended integration pattern for this use case because it allows the support agents to send a request to the core banking system and receive a response with the bank account ID in real-time. This way, the support agents can inform the customers with the newly created bank account ID without any delay or inconsistency. Using streaming API to generate push topic is not a good solution because it is used for event-driven integration, not for web-service integration. Using outbound message is also not a good solution because it is a Salesforce-specific feature that uses SOAP web services, which may not be compatible with the core banking system. Using Salesforce platform event is also not a good solution because it is used for event-driven integration, not for web-service integration. Reference: Salesforce Integration Architecture Designer Resource Guide, page 29-30

• Option D is correct because Tooling API is the Salesforce API that can be used to retrieve code coverage and test results for Apex classes and triggers. Tooling API provides REST and SOAP interfaces to access metadata about code, execute tests, and get test results12
• Option A is incorrect because SOAP API is a Salesforce API that can be used to create, retrieve, update, or delete records, but not to get code coverage and test results. SOAP API uses a WSDL file to define the parameters for accessing data through the API3
• Option B is incorrect because Analytics REST API is a Salesforce API that can be used to access data from reports and dashboards, but not from code coverage and test results. Analytics REST API provides a programmatic way to interact with analytics features such as lenses, datasets, and dashboards4
• Option C is incorrect because Metadata API is a Salesforce API that can be used to retrieve, deploy, create, update, or delete customization information, such as custom object definitions and page layouts, but not code coverage and test results. Metadata API is mainly used for development tools or backup tools5

References: 1: Introducing Tooling API 2: Tooling API Examples 3: SOAP API Developer Guide 4: Analytics REST API Developer Guide 5: Metadata API Developer Guide

The Data Virtualization pattern allows Salesforce to access external data sources without storing the data in Salesforce. This reduces the data storage and synchronization costs and enables real-time access to the historical data. Salesforce Connect can be used to consume OData endpoints exposed by the ESB tool and display the external objects as related lists or custom components on the Case object

 Both Platform Events and Outbound Message offer declarative means for asynchronous near-real time needs. They aren’t best suited for real-time integrations (A). In both Platform Events and Outbound Messages, the event messages are retried by and delivered in sequence, and only once. Salesforce ensures there is no duplicate message delivery (B). Message sequence is possible in Outbound Message but not guaranteed with Platform Events. Both offer very high reliability. Fault handling and recovery are fully handled by Salesforce ©. Number of concurrent subscribers to Platform Events is capped at 2,000. An Outbound Message configuration can pass only 100 notifications in a single message to a SOAP end point (D). Both Platform Events and Outbound Message are highly scalable. However, unlike Outbound Message, only Platform Events have Event Delivery and Event Publishing limits to be considered (E). Reference: Salesforce Integration Architecture Designer Resource Guide, page 23

 Integrating Salesforce with Data Warehouse, Order Management and Email Management System is the best option considering Salesforce capabilities. Salesforce can be used as the primary case management system, replacing the existing one. Salesforce can also integrate with the Data Warehouse to provide analytics and reporting on case data. Salesforce can integrate with the Order Management System to access order information related to cases. Salesforce can integrate with the Email Management System to send and receive emails from customers and agents. Reference: Salesforce Integration Architecture Designer Resource Guide, page 16

• Option C is correct because including selective criteria in query filters can improve the performance of the integration. Selective criteria are filters that reduce the number of records that need to be scanned by the query optimizer, such as indexed fields, standard indexes, or custom indexes. Selective criteria can help the query run faster and avoid hitting the query timeout limit or the query row limit.
• Option D is correct because removing the sharing restrictions can improve the performance of the integration. Sharing restrictions are filters that limit the access to records based on the user’s role, profile, or sharing rules. Sharing restrictions can add complexity and overhead to the query execution, as they require additional joins and calculations. Removing the sharing restrictions can simplify the query and reduce the number of records that need to be processed.
• Option A is incorrect because including non-selective criteria in query filters can degrade the performance of the integration. Non-selective criteria are filters that do not reduce the number of records that need to be scanned by the query optimizer, such as non-indexed fields, formula fields, or OR conditions. Non-selective criteria can cause the query to run slower and hit the query timeout limit or the query row limit.
• Option B is incorrect because removing the query filters can degrade the performance of the integration. Query filters are conditions that specify which records to retrieve from the database, such as WHERE clauses or LIMIT clauses. Query filters can help the query run faster and avoid retrieving unnecessary or unwanted data. Removing the query filters can increase the number of records that need to be processed and transmitted by the integration.

References: Working with Very Large SOQL Queries: Improve performance with custom indexes using Salesforce Query Plan tool: Querying Data That Respects User Permissions: How does sharing affect SOQL performance?: SOQL SELECT Syntax : SOQL Best Practices

 The OAuth protocol is a standard way to authorize access to web resources. By configuring a connected app with an authorization endpoint of the API gateway, Salesforce can obtain an access token from the API gateway and use it to invoke the external API securely. This avoids the need to manage certificates or user credentials for authentication2

References: 1: Data Virtualization Pattern 2: OAuth 2.0 Web Server Authentication Flow

The integration architect should recommend enforcing separate security protocols and return formats at the first tier of the API-led architecture. The first tier is also known as the experience layer, which is responsible for providing a tailored interface for each system of engagement. By enforcing security and format at this layer, the integration architect can ensure that each system of engagement can access the data in a secure and consistent way, without affecting the other layers.

References: [API-led Connectivity]

Named Credentials and Protected Custom Settings are two persistence mechanisms that can be used to ensure that secrets are protected from deliberate or inadvertent exposure. Named Credentials allow you to specify the URL of a callout endpoint and its required authentication parameters in one definition. Salesforce manages all the authentication for Apex callouts that specify a named credential as the callout endpoint, and you don’t have to add more authentication logic in your Apex code. Named Credentials can be defined to provide a secure and convenient way of setting up authenticated callouts, and they can also be used in Lightning components, Visualforce pages, and flows1.

Protected Custom Settings are a type of custom settings that store application-specific data that is hidden from subscribers. They are only accessible by the managed package that created them, and they can be used to store secrets such as encryption keys, passwords, or tokens. Protected Custom Settings can be accessed by Apex code, formulas, or validation rules within the same namespace as the settings2.

Encrypted Custom Fields are not a suitable mechanism for storing secrets, because they are not designed to prevent unauthorized access to sensitive data. Encrypted Custom Fields allow you to encrypt text fields using a standard encryption scheme. The encrypted data is masked in reports, list views, and search results, but it can still be viewed by users who have the “View Encrypted Data” permission. Encrypted Custom Fields are intended to protect data from unauthorized access by users within your organization, not from external threats or malicious code3.

Protected Custom Metadata Types are another type of custom metadata types that store application-specific data that is hidden from subscribers. They are similar to Protected Custom Settings, but they have some advantages such as being deployable using change sets or Metadata API, being accessible by SOQL queries, and being able to reference other metadata types or settings. However, Protected Custom Metadata Types cannot be used to store secrets, because they do not support encryption or masking of sensitive data. Protected Custom Metadata Types are intended to store configuration data that is specific to your managed package, not secrets that need to be secured.

Therefore, the correct answer is B and D, because Named Credentials and Protected Custom Settings are the only persistence mechanisms that can be used to securely store secrets in Salesforce.

References: 1: Named Credentials | Apex Developer Guide | Salesforce Developers 2: Custom Settings | Apex Developer Guide | Salesforce Developers 3: Encrypted Fields | Salesforce Help : [Protected Custom Metadata Types | ISVforce Guide | Salesforce Developers]

The Architect should determine the data access prevention requirements and then identify the system constraints before recommending a solution. The data access prevention requirements are the business rules and policies that define how to prevent deactivated employees from accessing Salesforce data. For example, the Architect should determine whether the HR system can send a notification to Salesforce when an employee is deactivated, or whether Salesforce needs to query the HR system periodically to check the employee status. The system constraints are the technical limitations and challenges that may affect the integration solution. For example, the Architect should determine whether the HR system supports outbound or inbound integration, what are the security and authentication protocols, what are the data formats and protocols, and what are the performance and scalability requirements. The frequency of the integration is not as important as the requirements and constraints, as it can be adjusted based on the business needs and technical feasibility. The data volume requirements and loading schedule are not relevant for this scenario, as they are more applicable for data migration or replication scenarios.

The API that should be used for the Salesforce platform event solution is Tooling API. Tooling API is a specialized API that exposes metadata used in developer tooling that you can access through REST or SOAP. You can use Tooling API to create, update, or delete platform event definitions and fields4 Streaming API is used to subscribe to platform events and receive notifications when they are published5

References: Platform Events Developer Guide | Salesforce Developers, Define and Publish Platform Events Unit | Salesforce Trailhead

QUESTIONNO: 241

Northern Trail Outfitters is in the final stages of merging two Salesforce orgs but needs to keep the retiring org available for a short period of time for lead management as it is connected to multiple public web site forms. The sales department has requested that new leads are available in the new Salesforce instance within 30 minutes.

Which two approaches will require the least amount of development effort?

Choose 2 answers

A Configure named credentials in the source org.

B Use the Composite REST API to aggregate multiple leads in a single call.

C Use the tooling API with Process Builder to insert leads in real time.

D Call the Salesforce REST API to insert the lead into the target system.

Answer: A, B

The two approaches that will require the least amount of development effort are configuring named credentials in the source org and using the Composite REST API to aggregate multiple leads in a single call. Named credentials are a type of metadata that store authentication information for accessing external services, such as the target Salesforce org. By using named credentials, you can simplify the code for making callouts and avoid hardcoding credentials or tokens. The Composite REST API is a resource that allows you to execute multiple REST API requests in a single call. You can use the Composite REST API to create, update, or delete up to 25 records in one request. This can reduce the number of API calls and improve performance.

References: [Named Credentials], [Composite Resources]

 Idempotent design means that the same request can be repeated multiple times without changing the outcome. This is useful for avoiding duplicate orders in case of network failures or timeouts. By implementing idempotent design, the sales representatives can retry the order(s) in question without creating duplicates in the manufacturing system. Outbound messaging is not a reliable solution because it does not guarantee delivery or acknowledgement of messages. Scheduled apex is not a real-time solution and may not catch all the duplicate or missing orders

Streaming API is the best option for sending real-time notifications of changes to Salesforce data. Streaming API uses a publish-subscribe model to push relevant data to subscribers without polling. Streaming API supports PushTopic events, which are based on SOQL queries that define the data changes to listen for. The affiliate company can subscribe to a PushTopic event on the NTO Salesforce org and receive notifications whenever the data that matches the query changes. This way, the affiliate company can be informed of any updates to the opportunities in the NTO Salesforce instance.

The integration architect should consider Change Data Capture Events and High Volume Platform Events for using the Streaming API with minimal data loss. Change Data Capture Events capture changes to Salesforce records and deliver them as events to subscribers. High Volume Platform Events are custom events that can be published and consumed at a large scale. Both types of events support reliable event delivery, which means that events are stored for 72 hours and can be replayed by subscribers in case of connection loss or failure. This ensures that data loss is minimized, even when the client re-connects every couple of days12

References: Change Data Capture Developer Guide, Platform Events Developer Guide

• Option A is correct because using ESB (Mule) with cache/state management can help to handle the long-running requests from Salesforce and return a request ID or a response if available from the external systems. This way, Salesforce does not have to wait for the external systems to respond and can avoid the API gateway timeout1
• Option C is correct because using Continuation callouts can make the eligibility check request from Salesforce from Lightning UI at page load without blocking the UI thread. Continuation callouts are asynchronous and can handle long-running requests up to 60 seconds23
• Option E is correct because implementing a ‘Check Update’ button that passes a request ID received from ESB can allow the user to manually check the status of the eligibility check request. This can be useful when the response is not available within the Continuation timeout limit or when the user wants to refresh the data4
• Option B is incorrect because recommending synchronous Apex callouts from Lightning UI to External Systems via Mule and implementing polling on API gateway timeout can cause performance issues and user frustration. Synchronous Apex callouts block the UI thread and can only handle requests up to 120 seconds. Polling on API gateway timeout can increase the network traffic and consume the callout limits25
• Option D is incorrect because creating a Platform Event in Salesforce via Remote-Call-In and using the empAPI in the lightning UI to serve 3,000 concurrent users can introduce complexity and scalability issues. Platform Events are meant for event-driven architecture and not for request-response scenarios. Remote-Call-In requires an additional license and configuration. empAPI has a limit of 1,000 concurrent subscribers per channel678

References: 1: MuleSoft Documentation 2: Salesforce Documentation 4: Salesforce Trailhead 3: Salesforce Developers Blog 5: Salesforce Documentation 6: Salesforce Documentation 7: Salesforce Documentation 8: Salesforce Documentation

 Invoking middleware service to retrieve valid shipping methods is a solution that can allow the sales representatives to select between valid services for the customer’s country. The middleware service can act as a single point of entry for all shipping services and provide routing and transformation capabilities. Using middleware to abstract the call to the specific shipping services is a solution that can allow the sales representatives to request shipping estimates from the selected service. The middleware can hide the complexity and heterogeneity of the shipping services and provide mediation and orchestration capabilities. Using Platform Events to construct and publish shipper-specific events is not a solution, as Platform Events are used for event-driven integration, not for web-service integration. Storing shipping services in a picklist that is dependent on a country picklist is not a solution, as it does not address how to request shipping estimates from the shipping services. Reference: Salesforce Integration Architecture Designer Resource Guide, page 16-17

Using a Connected App for each external system integration is a good solution because it can provide security, auditing, and monitoring features for each integration. A Connected App is an application that can connect to Salesforce using APIs and OAuth as an authentication protocol. A Connected App can also enforce policies such as IP restrictions, login hours, and session timeout for each integration. Using a shared integration user for the three external system integrations is not a good solution because it violates the principle of least privilege, as well as makes it difficult to audit the activities of each system. Using a shared Connected App for the three external system integrations is also not a good solution because it does not allow for granular control and visibility of each integration. Using a unique integration user for each external system integration is not enough to meet the security and auditing requirements, as it does not provide any mechanism for authentication, authorization, or encryption. Reference: Salesforce Integration Architecture Designer Resource Guide, page 20-21