350-401 · Question #1199
Which security feature does stateless authentication and authorization use for REST API calls?
The correct answer is A. OAuth 2 tokens. Stateless authentication and authorization for REST API calls primarily rely on OAuth 2 tokens to establish identity and grant access without maintaining server-side session state.
Question
Which security feature does stateless authentication and authorization use for REST API calls?
Options
- AOAuth 2 tokens
- BAPI keys
- CSSL/TLS certificate encryption
- Dcookie-based session authentication
How the community answered
(25 responses)- A92% (23)
- B4% (1)
- C4% (1)
Why each option
Stateless authentication and authorization for REST API calls primarily rely on OAuth 2 tokens to establish identity and grant access without maintaining server-side session state.
OAuth 2 tokens, such as bearer tokens (e.g., JWTs), are a common mechanism for stateless authentication and authorization in REST APIs. The token itself contains all necessary information to verify the client's identity and permissions, allowing the API server to validate each request independently without needing to store session state.
While API keys are used for authentication, they are often simpler and less robust than OAuth 2 tokens for authorization, and can sometimes be managed in a stateful manner for rate limiting or tracking.
SSL/TLS certificate encryption provides secure communication over the wire by encrypting data and verifying server identity, but it is a transport-layer security feature, not an authentication or authorization mechanism for the application layer itself.
Cookie-based session authentication is inherently stateful, as the server typically stores session information linked to the cookie, which contradicts the requirement for stateless authentication.
Concept tested: Stateless REST API authentication/authorization
Source: https://datatracker.ietf.org/doc/html/rfc6749
Topics
Community Discussion
No community discussion yet for this question.