
Medium · Debug · Q14 of 15
Rest API - Authentication and Authorization
You have this API security code snippet:
app.get('/user', (req, res) => {
  if (!req.headers['api_key']) {
    res.status(401).send('Unauthorized');
    return;
  }
  res.send('User data');
});
What is the main problem with this code?
A. It does not handle errors properly.
B. It uses the wrong HTTP method for security.
C. It sends user data before checking the key.
D. It does not check if the API key is valid.
Step-by-Step Solution
Solution:
  1. Step 1: Analyze the API key check

    The code only checks if the 'api_key' header exists but does not verify if it is correct or valid.
  2. Step 2: Understand the security implication

    Without validating the key, anyone sending any 'api_key' header can access the data, which is insecure.
  3. Final Answer:

    It does not check if the API key is valid. -> Option D
  4. Quick Check:

    API key must be validated, not just present [OK]
Quick Trick: Check key validity, not just presence [OK]
Common Mistakes:
  • Assuming presence means valid
  • Confusing HTTP method with security
  • Ignoring error handling importance
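
A hardened version of the handler from the question, added here as an example that is not part of the original quiz: it validates the presented key against stored SHA-256 digests using a constant-time comparison. The key values, the names isValidApiKey, userHandler and callHandler, and the stub res object are constructed for illustration so the block runs without Express.

```javascript
const crypto = require('crypto');

// Constructed sample keys. A real service would load only the digests
// from a secret store and never keep plaintext keys in source code.
const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();
const ISSUED_KEY_DIGESTS = ['demo-key-alice', 'demo-key-bob'].map(sha256);

// True only when the presented key matches an issued key (hypothetical helper).
function isValidApiKey(presented) {
  // Missing header, empty string, or a non-string value is rejected outright.
  if (typeof presented !== 'string' || presented.length === 0) return false;
  const digest = sha256(presented);
  let match = false;
  // Hashing gives equal-length buffers; timingSafeEqual avoids leaking
  // how many leading bytes matched. No early exit from the loop.
  for (const known of ISSUED_KEY_DIGESTS) {
    if (crypto.timingSafeEqual(digest, known)) match = true;
  }
  return match;
}

// Same shape as the quiz handler: app.get('/user', userHandler).
function userHandler(req, res) {
  if (!isValidApiKey(req.headers['api_key'])) {
    res.status(401).send('Unauthorized');
    return;
  }
  res.send('User data');
}

// Minimal stand-in for Express's res object, to exercise the handler offline.
function callHandler(headers) {
  const out = { status: 200, body: null };
  const res = {
    status(code) { out.status = code; return res; },
    send(body) { out.body = body; return res; },
  };
  userHandler({ headers }, res);
  return out;
}

console.log(callHandler({}));                             // header absent
console.log(callHandler({ api_key: 'anything' }));        // present but not issued
console.log(callHandler({ api_key: 'demo-key-alice' }));  // issued key
```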
