Difficulty: hard · Application · Q8 of 15
Rest API - Authentication and Authorization
To restrict access to an API endpoint only to clients with valid Bearer tokens, which of the following is the best practice?
A. Validate the Bearer token on the server side before processing the request
B. Send the token as a URL query parameter for easier access
C. Store the token in client-side cookies without the HttpOnly flag
D. Allow requests without tokens but log them for review
Step-by-Step Solution
Solution:
  1. Step 1: Understand API security best practices

    A Bearer token is presented in the Authorization header (Authorization: Bearer <token>) and grants access to whoever holds it. Nothing the client sends can be trusted on its own, so the server must validate the token before any handler logic runs: check the signature (or introspect an opaque token with the issuer), the issuer and audience, and the expiry time. Only then should the request be processed.
  2. Step 2: Evaluate options

    Option A correctly places validation on the server, before the request is processed. Option B is insecure because URLs end up in browser history, proxy and web-server access logs, and Referer headers, so a token in a query parameter is easily leaked. Option C is insecure because a cookie without HttpOnly can be read by any script running in the page, so a single XSS bug is enough to steal the token. Option D does not restrict access at all; logging is detective, not preventive, and unauthenticated requests would still reach the endpoint.
  3. Final Answer:

    Validate the Bearer token on the server side before processing the request -> Option A
  4. Quick Check:

    Always validate tokens server-side, before the endpoint does any work [OK]
Quick Trick: Always validate tokens server-side before granting access [OK]
Common Mistakes:
  • Passing tokens in URL parameters
  • Not validating tokens on server
  • Storing tokens insecurely on client
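The following is an added worked example, not part of the original quiz or its solution. It shows what option A looks like in code: a small gate that accepts a token only from the Authorization header, ignores anything in the query string (option B), verifies the HS256 signature with a constant-time compare, pins the algorithm so an "alg": "none" header is rejected, and enforces exp. The secret, claims, and the `authorize_request` / `verify_token` / `mint_token` names are assumptions made for this example; `mint_token` exists only so the example can produce tokens offline.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed example secret. A real service loads this from a secret store.
SECRET = b"example-shared-secret-not-for-production"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Create an HS256-signed JWT. Helper for the example; clients normally get
    tokens from an authorization server, not from the API itself."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None.
    The algorithm is pinned to HS256: the header's alg value is checked, never trusted."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":          # rejects "none" and any other algorithm
            return None
        expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):   # constant-time compare
            return None
        claims = json.loads(_b64url_decode(body_b64))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None                                # malformed base64/JSON or non-object segment
    if not isinstance(exp, (int, float)) or exp <= now:
        return None                                # missing or past expiry
    return claims


def authorize_request(headers: dict, query: dict, secret: bytes = SECRET,
                      now: Optional[float] = None) -> Tuple[int, Optional[dict]]:
    """Gate for a protected endpoint. Returns (401, None) unless a valid Bearer token
    arrives in the Authorization header. The query dict is accepted only to make the
    point explicit: a token passed as a URL parameter is never honoured."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, None
    claims = verify_token(token.strip(), secret, now)
    if claims is None:
        return 401, None
    return 200, claims                             # handler logic may run only after this point


if __name__ == "__main__":
    now = time.time()
    good = mint_token({"sub": "alice", "exp": now + 600})
    print(authorize_request({"Authorization": f"Bearer {good}"}, {}))      # (200, {...})
    print(authorize_request({}, {"access_token": good}))                   # (401, None)
    print(authorize_request({"Authorization": "Bearer " + mint_token({"sub": "alice", "exp": now - 1})}, {}))  # (401, None)
```

In production the verification step is usually a library call (for example a JOSE library given the issuer's public keys), but the checks it must perform are the ones spelled out here: header scheme, signature, algorithm, and expiry, all before the request touches any business logic.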