Use this glossary to clean up high-confusion OCI developer language fast. The exam gets easier when you keep identity, ingress, execution, event routing, and retry safety in separate buckets.
High-value terms
| Term |
What to remember |
| API Gateway |
the controlled ingress layer for publishing and protecting APIs |
| backoff |
the delay strategy between retries so transient failure does not become retry storm |
| compartment scope |
the boundary that answers where access applies, not how code authenticates |
| event trigger |
a reactive start condition tied to a service or state change |
| Function |
a short-lived serverless execution unit, not automatically the full workflow layer |
| idempotency |
the property that lets repeat delivery or retry happen without duplicate side effects |
| instance principal |
workload identity for code running on OCI compute |
| Notifications |
lightweight fan-out delivery, usually weaker than a durable ordered stream |
| resource principal |
service-native workload identity used inside OCI-managed service contexts |
| Streaming |
OCI managed durable ordered event stream service |
| user API signing key |
human or local-tool auth path, not the strongest default for production runtime code |
| workflow orchestration |
coordination of multiple tasks, decisions, and failure paths across services |
Common confusion pairs
| Pair |
Keep this distinction clear |
| API Gateway vs backend logic |
API Gateway is the front door and policy boundary; backend logic still lives elsewhere |
| Events vs Notifications |
Events routes triggers; Notifications fans out messages |
| Notifications vs Streaming |
Notifications is lighter delivery; Streaming is stronger for retained ordered event flow |
| retry vs idempotency |
retry is the repeated attempt; idempotency is the safety property that makes retry acceptable |
| instance principal vs resource principal |
one is compute-hosted workload identity; the other is OCI service-context workload identity |
| compartment scope vs IAM auth method |
scope answers where access applies; auth method answers how code proves identity |
Fast recall anchors
| If you see… |
Think… |
| “front door,” “policies,” or “API exposure” |
API Gateway |
| “small compute glue” or “handler” |
Functions |
| “react to a platform event” |
Events |
| “notify many receivers” |
Notifications |
| “durable ordered event handling” |
Streaming |
| “safe duplicate processing” |
idempotency and replay-safe logic |
If three terms blur together
| Blurry group |
Reset with this rule |
| API Gateway, Functions, workflow |
ingress, execution, and orchestration are separate decisions |
| Events, Notifications, Streaming |
trigger routing, fan-out delivery, and durable ordered flow are not the same service lane |
| user key, instance principal, resource principal |
human auth, compute workload auth, and service-native workload auth differ |
| retry, timeout, backoff |
failure handling needs both timing rules and duplicate-safety design |
Route next
| Need |
Go here next |
| week-by-week pacing and weak-lane repair |
Study Plan |
| API, event, and retry tie-breaks |
Cheat Sheet |
| last-week decision cleanup |
FAQ |
| official Oracle and OCI sources |
Resources |