Bird
0
0

If an API uses HTTPS but no authentication, what is the main security risk?

medium📝 Predict Output Q5 of 15
Rest API - Authentication and Authorization
If an API uses HTTPS but no authentication, what is the main security risk?
AData can be intercepted in transit
BUnauthorized users can access API data
CAPI will run slower
DAPI endpoints will be hidden
Step-by-Step Solution
Solution:

  1. Step 1: Understand HTTPS role

    HTTPS encrypts data in transit, preventing interception.

  2. Step 2: Identify risk without authentication

    Without authentication, anyone can access the API data despite encryption.

  3. Final Answer:

    Unauthorized users can access API data -> Option B

  4. Quick Check:

    HTTPS without auth risk = Unauthorized access [OK]
Quick Trick: Encryption protects transit, auth protects access [OK]
Common Mistakes:
  • Thinking HTTPS alone stops unauthorized access
  • Confusing encryption with hiding endpoints
  • Assuming HTTPS slows down API

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Rest API Quizzes
Authentication and Authorization - JWT structure and flow - Quiz 6medium Authentication and Authorization - OAuth 2.0 overview - Quiz 1easy Error Handling - Error response structure - Quiz 11easy Error Handling - Error response structure - Quiz 2easy Error Handling - Error codes for machine consumption - Quiz 4medium Error Handling - Error codes for machine consumption - Quiz 6medium Rate Limiting and Throttling - Fixed window algorithm - Quiz 13medium Rate Limiting and Throttling - Sliding window algorithm - Quiz 1easy Rate Limiting and Throttling - Rate limit headers (X-RateLimit) - Quiz 14medium Rate Limiting and Throttling - Per-user vs per-IP limits - Quiz 10hard