nerdexam
Cisco

350-401 · Question #138

Which method of account authentication does OAuth 2.0 use within REST APIs?

The correct answer is B. access tokens. OAuth 2.0 and REST API Authentication OAuth 2.0 uses access tokens to authenticate requests within REST APIs. After a user grants authorization, the OAuth 2.0 framework issues a token (typically a Bearer token) that the client includes in API request headers - this allows secure,

Submitted by anna_se· Mar 6, 2026Security

Question

Which method of account authentication does OAuth 2.0 use within REST APIs?

Options

  • Ausername/role combination
  • Baccess tokens
  • Ccookie authentication
  • Dbasic signature workflow

How the community answered

(29 responses)
  • A
    3% (1)
  • B
    93% (27)
  • C
    3% (1)

Explanation

OAuth 2.0 and REST API Authentication

OAuth 2.0 uses access tokens to authenticate requests within REST APIs. After a user grants authorization, the OAuth 2.0 framework issues a token (typically a Bearer token) that the client includes in API request headers - this allows secure, delegated access without exposing user credentials.

Why the distractors are wrong:

  • A (username/role combination) describes role-based access control (RBAC), which is an authorization concept, not OAuth 2.0's authentication mechanism
  • C (cookie authentication) is a session-based method used primarily in traditional web applications, not the token-based approach OAuth 2.0 employs
  • D (basic signature workflow) describes older methods like HTTP Basic Auth or OAuth 1.0, which used cryptographic signatures - OAuth 2.0 specifically moved away from this complexity

Memory Tip: Think of an OAuth 2.0 access token like a temporary visitor badge - it grants access without revealing your permanent credentials (password), and it expires after a set time. The word "access" in access token directly mirrors OAuth's purpose of granting access.

Topics

#OAuth 2.0#REST API Security#Access Tokens#API Authentication

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice