Bird
0
0

An API uses token authentication but tokens never expire. What is a major security concern here?

hard📝 Application Q9 of 15
Rest API - Authentication and Authorization
An API uses token authentication but tokens never expire. What is a major security concern here?
ATokens will cause the API to slow down
BTokens can be reused indefinitely if stolen
CTokens will automatically refresh every hour
DTokens prevent unauthorized access completely
Step-by-Step Solution
Solution:

  1. Step 1: Understand token expiration importance

    Tokens that never expire can be used forever if stolen, increasing risk.

  2. Step 2: Identify the security concern

    Tokens can be reused indefinitely if stolen correctly states the risk of indefinite reuse of stolen tokens.

  3. Final Answer:

    Tokens can be reused indefinitely if stolen -> Option B

  4. Quick Check:

    Non-expiring tokens risk = Indefinite misuse [OK]
Quick Trick: Always set token expiration to limit misuse [OK]
Common Mistakes:
  • Assuming tokens refresh automatically
  • Thinking tokens slow down API
  • Believing tokens alone guarantee full security

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Rest API Quizzes
Authentication and Authorization - JWT structure and flow - Quiz 6medium Authentication and Authorization - OAuth 2.0 overview - Quiz 1easy Error Handling - Error response structure - Quiz 11easy Error Handling - Error response structure - Quiz 2easy Error Handling - Error codes for machine consumption - Quiz 4medium Error Handling - Error codes for machine consumption - Quiz 6medium Rate Limiting and Throttling - Fixed window algorithm - Quiz 13medium Rate Limiting and Throttling - Sliding window algorithm - Quiz 1easy Rate Limiting and Throttling - Rate limit headers (X-RateLimit) - Quiz 14medium Rate Limiting and Throttling - Per-user vs per-IP limits - Quiz 10hard