CDPSE · Question #272
An organization wants to implement a cloud application with a REST application programming interface (API). Which of the following BEST protects against unauthorized access to the API?
The correct answer is C. Access authentication via API key. API key authentication directly addresses unauthorized access by requiring callers to present a unique credential that the server validates before granting access. This is a standard authentication control for REST APIs. IP whitelisting (option B) is a network-layer restriction t
Question
An organization wants to implement a cloud application with a REST application programming interface (API). Which of the following BEST protects against unauthorized access to the API?
Options
- AUse of a trusted API framework
- BRestriction of API access to whitelisted IP addresses
- CAccess authentication via API key
- DThrottling of access requests to the API
How the community answered
(20 responses)- A5% (1)
- B5% (1)
- C90% (18)
Explanation
API key authentication directly addresses unauthorized access by requiring callers to present a unique credential that the server validates before granting access. This is a standard authentication control for REST APIs. IP whitelisting (option B) is a network-layer restriction that can be circumvented if an attacker operates from an allowed IP. Throttling (option D) limits abuse and rate-based attacks but does not prevent unauthorized access. A trusted framework (option A) improves code security but is not itself an access control mechanism.
Topics
Community Discussion
No community discussion yet for this question.