350-401 · Question #665
What is the API keys option for REST API authentication?
The correct answer is A. a predetermined string that is passed from client to server. API keys are a common authentication method for REST APIs, involving a secret string shared between the client and server to verify requests.
Question
Options
- Aa predetermined string that is passed from client to server
- Ba one-time encrypted token
- Ca username that is stored in the local router database
- Da credential that is transmitted unencrypted
How the community answered
(63 responses)- A87% (55)
- B6% (4)
- C5% (3)
- D2% (1)
Why each option
API keys are a common authentication method for REST APIs, involving a secret string shared between the client and server to verify requests.
API keys are typically long, unique, predetermined strings (like a secret token) that a client includes with each request to an API, allowing the server to identify and authenticate the client and grant access based on predefined permissions. This string acts as a credential to authorize the client's API calls.
While some tokens are one-time, API keys are generally reusable and are passed as a secret string, which may or may not be explicitly 'encrypted tokens' in their raw form, although they should always be transmitted over encrypted channels like HTTPS.
API keys are client-side credentials used for authenticating with an API service, not usernames stored in a local router database.
Although API keys *can* be transmitted unencrypted if using HTTP, best security practices mandate transmitting them over encrypted channels (e.g., HTTPS) to protect their confidentiality, so 'transmitted unencrypted' is not a defining characteristic of an API key itself.
Concept tested: REST API key authentication mechanism
Source: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-add-subscriptions#generate-an-api-key
Topics
Community Discussion
No community discussion yet for this question.