The core requirement is to update a field that the user cannot edit due to Field Level Security (FLS). Standard API calls, such as the standard REST API (Option C) or SOAP API (Option A), execute in the context of the authenticated user and respect all their permissions, including FLS. Therefore, any attempt to update the read-only geolocation field using these standard APIs would fail.

The correct solution is to create a custom Apex REST service (Option D). By default, Apex code runs in system mode, which bypasses object and field-level security. This allows the Apex method to update the field programmatically, even though the user does not have the direct permission to do so, thus satisfying the requirement.

1. Salesforce Developer Documentation

Apex Developer Guide

"Enforcing Object and Field Permissions": "By default

Apex code runs in system context... Apex code has access to all objects and fields—object permissions

field-level security

sharing rules aren’t applied for the current user." This directly supports why an Apex-based solution (Option D) is necessary to bypass the FLS restriction.

2. Salesforce Developer Documentation

Apex Developer Guide

"Exposing Apex Classes as REST Web Services": This document describes the mechanism for creating custom REST endpoints using Apex (@RestResource annotation)

which is the technical implementation for Option D.

3. Salesforce REST API Developer Guide

"Introduction > Security Considerations": "Access to resources is controlled by the user’s profile and permission sets." This confirms that standard REST API calls (Option C) are bound by user permissions

making them unsuitable for this scenario.