CDPSE · Question #340
Which of the following is the BEST way to protect the confidentiality of the information returned by a new application programming interface (API) integration?
The correct answer is C. Ensure all API traffic is encrypted in transit.. Encrypting all API traffic in transit (e.g., via TLS/HTTPS) directly protects data confidentiality by ensuring that any information transmitted between the API and its consumers cannot be intercepted and read by third parties. Monitoring requests (A) is a detective control, not a
Question
Which of the following is the BEST way to protect the confidentiality of the information returned by a new application programming interface (API) integration?
Options
- ARequire all API requests to be monitored.
- BUpdate the privacy policy to include use of the API.
- CEnsure all API traffic is encrypted in transit.
- DUse only APIs with de-identified data.
How the community answered
(25 responses)- A4% (1)
- B8% (2)
- C88% (22)
Explanation
Encrypting all API traffic in transit (e.g., via TLS/HTTPS) directly protects data confidentiality by ensuring that any information transmitted between the API and its consumers cannot be intercepted and read by third parties. Monitoring requests (A) is a detective control, not a preventive one. Updating the privacy policy (B) is a legal/compliance action that doesn't technically protect the data. Using only de-identified data (D) may not always be feasible and limits the API's usefulness; encryption is a universal, practical solution regardless of data type.
Topics
Community Discussion
No community discussion yet for this question.