350-401 · Question #1124
What is the API keys option for REST API authentication?
The correct answer is A. a predetermined string that is passed from client to server. An API key for REST API authentication is a secret, predetermined string provided by the client to the server, serving as an identifier for access control.
Question
What is the API keys option for REST API authentication?
Options
- Aa predetermined string that is passed from client to server
- Ba one-time encrypted token
- Ca credential that is transmitted unencrypted
- Da username that is stored in the local router database
How the community answered
(63 responses)- A94% (59)
- B2% (1)
- D5% (3)
Why each option
An API key for REST API authentication is a secret, predetermined string provided by the client to the server, serving as an identifier for access control.
An API key is a unique, predetermined string (or hash) that acts as a secret token, passed from the client to the server in each request (typically in a header or query parameter) to identify the client and authorize access to the API.
API keys are generally persistent and reusable for a given client, not typically 'one-time encrypted tokens'; while they should be transmitted securely (encrypted via TLS), the key itself isn't a 'one-time encrypted token' in the OAuth sense.
For security, API keys, like all sensitive credentials, should always be transmitted over an encrypted channel (e.g., HTTPS/TLS) to prevent interception, making transmission 'unencrypted' an insecure practice.
An API key is an identifier for an application or client, distinct from a user's username, although it may be associated with a user or service account on the server.
Concept tested: API Key authentication mechanism
Source: https://developer.cisco.com/docs/dna-center-api-v2-3-7-0/#!authentication/authentication
Topics
Community Discussion
No community discussion yet for this question.