Hi Amit
You can use any of those languages. If I were an architect, I would make my decision on which language to choose, based on readability and maintainability of the team managing the platform.
JS and Python are scripts, which means you can “see” the code as it is, when attached to an API Proxy. It’s simple and “transparent”. Want to know what the code does? just look in the resource file. Java, by contrast, uses a JAR packaging. Which means you need to compile and pre-package whatever logic you’re using. You cannot “see” what the Java code is doing, unless you have access to the source code, which in any case is not part of the API proxy.
If you are performing encryption or other compute-intensive work, then Java is preferred, because it will perform better. For example, HMACs, or derivatives of same. Or any RSA-based crypto (signing or encrypting). If you are performing string manipulation, payload validation, or other simple tasks, then the performance difference between scripting (JS or Python) and Java, will not be great.
In summary, Base your selection decision on readability and performance, but consider performance only if you’re doing numerically intensive computations.
why is it still not recommended to use java in first place?
Because it’s more work to package up a Java jar, than it is to simply write a script. Script is more readable.
Is it because of the risk people can add fat jars (including many third party) or is there any other reason?
I wouldn’t say “there is a risk”. If you use Java, then the responsibility to create small JARs is on you, and your team. So in that regard, there is a “cost” to using Java. It’s more responsibility, YOUR responsibility, to ensure that the Java code is correct, efficient, and has minimal dependencies. It’s not difficult to do, but it’s a non-zero effort.