350-401 · Question #921
What is one method for achieving REST API security?
The correct answer is B. using HTTPS and TLS encryption. A primary method for securing REST API communication is to utilize HTTPS, which encrypts the data in transit using Transport Layer Security (TLS).
Question
Options
- Ausing a combination of XML encryption and XML signatures
- Busing HTTPS and TLS encryption
- Cusing a MDS hash to verify the integrity
- Dusing built-in protocols known as Web Services Security
How the community answered
(21 responses)- A5% (1)
- B90% (19)
- D5% (1)
Why each option
A primary method for securing REST API communication is to utilize HTTPS, which encrypts the data in transit using Transport Layer Security (TLS).
XML encryption and XML signatures are typically components of Web Services Security (WS-Security), which is a standard primarily used with SOAP-based web services for message-level security, not a common or native approach for securing REST APIs.
HTTPS (Hypertext Transfer Protocol Secure) leverages Transport Layer Security (TLS) to encrypt the entire communication channel between the client and the REST API server. This ensures confidentiality by preventing eavesdropping, provides data integrity to protect against tampering, and offers server authentication through digital certificates.
Using a hash algorithm like MD5 (Message-Digest Algorithm 5) can provide data integrity checking, but MD5 is considered cryptographically insecure and does not provide confidentiality or authentication, which are crucial aspects of API security addressed by TLS.
Web Services Security (WS-Security) is a set of extensions to SOAP for securing web services messages; it is not a built-in protocol for REST APIs, which are typically secured at the transport layer using HTTPS/TLS.
Concept tested: REST API security methods
Source: https://learn.microsoft.com/en-us/azure/architecture/best-practices/api-design#security
Topics
Community Discussion
No community discussion yet for this question.