Consider the following rules and guidelines when you work with custom APIs:
•When you create a custom API, the API URL that you specify must not be a URL that is restricted by Informatica and must not contain any potential vulnerability or malicious script. The URL must use a certificate that is signed by a well-known Certificate Authority. You can't create a custom API for an HTTPS URL that uses a self-signed certificate or a certificate that isn't signed by a Certificate Authority.
•When you configure a response caching policy for a custom managed API, do not select the Accept-Encoding request HTTP header. If you select the Accept-Encoding header, the response caching policy might not be honored.
•You can't configure a Personally Identifiable Information (PII) policy for a custom managed API that contains the Accept-Encoding request HTTP header as br(Brotli) or response as br(Brotli) compressed.