300-835 · Question #45
Refer to the exhibit. An engineer needs to retrieve a list of devices that are xAPI enabled using Webex devices xAPIs with access-token 11111111AAAAaaaaaaaa1111aaA. To complete the python request, whi
The correct answer is C. 'Authorization': Bearer 11111111AAAAaaaaaaaa1111aaA'. Option C is correct because the HTTP Authorization header for OAuth 2.0 bearer tokens - which is what Webex access tokens are - requires the exact prefix Bearer followed by a space and the token value. This is defined in RFC 6750, the standard for OAuth 2.0 Bearer Token usage, an
Question
Options
- A'Authorization': Token 11111111AAAAaaaaaaaa1111aaA'
- B'Authorization': OAuth Token 11111111AAAAaaaaaaaa1111aaA'
- C'Authorization': Bearer 11111111AAAAaaaaaaaa1111aaA'
- D'Authorization': AccessToken 11111111AAAAaaaaaaaa1111aaA'
How the community answered
(53 responses)- A17% (9)
- B4% (2)
- C72% (38)
- D8% (4)
Explanation
Option C is correct because the HTTP Authorization header for OAuth 2.0 bearer tokens - which is what Webex access tokens are - requires the exact prefix Bearer followed by a space and the token value. This is defined in RFC 6750, the standard for OAuth 2.0 Bearer Token usage, and Webex APIs strictly follow this standard.
Why the distractors are wrong:
- A (
Token) is used by some Django/DRF APIs, not Webex or OAuth 2.0 bearer token flows. - B (
OAuth Token) is not a valid HTTP authorization scheme at all - it's a made-up distractor combining two unrelated words. - D (
AccessToken) is also not a recognized scheme; it conflates the concept of an access token with the scheme name, which is simplyBearer.
Memory tip: Think "Bearer = Big standard" - Bearer is the RFC 6750 OAuth 2.0 standard used by virtually every major API (Webex, Microsoft, Google), so when you see an OAuth access token in an exam, Bearer is almost always the answer.
Topics
Community Discussion
No community discussion yet for this question.