Which component provides filtering and access controls that focus on XML-formatted inbound data to an API?

• A. API Gateway
• B. NIDS
• C. Web Application Firewall (WAF)
• D. XML Gateway

Answer: (D)

XML payloads coming into an API require message-level filtering and access controls that understand XML structure, validate against schemas, and block unsafe content before it reaches backend services. An XML Gateway is designed to do this: it sits in front of the API and parses inbound XML, enforces policy based on the XML content, performs schema validation (DTD/XSD), and can protect against XML-specific threats like XXE, while optionally transforming or routing messages according to their XML elements. This focused XML handling sets it apart from other options: an API Gateway manages broader API security and traffic control (across various formats), a Web Application Firewall protects web applications at the HTTP level but is not specifically optimized for XML payload policy enforcement, and a Network IDS analyzes traffic patterns rather than enforcing payload-level XML policies. Therefore, the component that provides filtering and access controls focused on XML-formatted inbound data to an API is the XML Gateway.