nerdexam
Cisco

350-401 · Question #1052

How is OAuth framework used in REST API?

The correct answer is B. by providing the external application a token that authorizes access to the account. OAuth provides an external application with an access token, authorizing it to access specific resources on behalf of a user without exposing the user's actual credentials.

Submitted by viktor_hu· Mar 6, 2026Security

Question

How is OAuth framework used in REST API?

Options

  • Aas a framework to hash the security information in the REST URL
  • Bby providing the external application a token that authorizes access to the account
  • Cas a framework to hide the security information in the REST URL
  • Dby providing the user credentials to the external application

How the community answered

(35 responses)
  • A
    6% (2)
  • B
    89% (31)
  • C
    3% (1)
  • D
    3% (1)

Why each option

OAuth provides an external application with an access token, authorizing it to access specific resources on behalf of a user without exposing the user's actual credentials.

Aas a framework to hash the security information in the REST URL

OAuth's primary role is authorization using tokens, not hashing security information in the URL; sensitive data should typically not be in URLs.

Bby providing the external application a token that authorizes access to the accountCorrect

OAuth is an authorization framework that allows a third-party application to obtain limited access to a user's resources on an HTTP service (like a REST API) by providing an access token. This token represents the user's consent and grants specific permissions, ensuring the external application never directly handles or stores the user's credentials.

Cas a framework to hide the security information in the REST URL

OAuth's purpose is to grant delegated access securely, not to merely 'hide' security information in the URL, as tokens themselves are part of the security context.

Dby providing the user credentials to the external application

OAuth specifically avoids providing user credentials directly to the external application; instead, it issues a temporary, limited-scope access token.

Concept tested: OAuth in REST API authorization

Source: https://oauth.net/2/

Topics

#OAuth#API Security#REST API#Authorization Tokens

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice