試験MuleSoft-Integration-Associate-JPN トピック1 問題16 スレッド
Salesforce MuleSoft-Integration-Associate-JPNのリアル試験問題集
問題 #: 16
トピック #: 1
問題 #: 16
トピック #: 1
API 認証に API キーのみを使用するのではなく、OAuth 2.0 クライアント資格情報とアクセス トークンを使用する利点は何ですか?
おすすめの解答:A 解答を投票する
OAuth 2.0 provides a more secure and flexible way of handling API authentication compared to API keys.
Here's a detailed explanation of the advantage mentioned:
* OAuth 2.0 Client Credentials Grant:
* How It Works: In this flow, a client application uses its client ID and client secret to obtain an access token from the authorization server.
* Access Tokens: These tokens are short-lived and used to authenticate API requests.
* Security Advantages:
* Token Compromise: If an access token is compromised, it only grants limited access because it has a short lifespan and can be easily revoked.
* Client Credentials: The client credentials (client ID and secret) are not exposed during API calls, reducing the risk of them being compromised.
* Token Refresh: New tokens can be obtained without exposing the client credentials again.
* Comparison with API Keys:
* API Keys: If an API key is compromised, it often provides long-term access without expiration.
Revoking the API key impacts all users or applications using it.
* OAuth Tokens: Compromised tokens can be individually revoked without needing to change the client credentials, minimizing disruption.
References
* OAuth 2.0 Framework: OAuth 2.0
* MuleSoft Security Best Practices: API Security
Here's a detailed explanation of the advantage mentioned:
* OAuth 2.0 Client Credentials Grant:
* How It Works: In this flow, a client application uses its client ID and client secret to obtain an access token from the authorization server.
* Access Tokens: These tokens are short-lived and used to authenticate API requests.
* Security Advantages:
* Token Compromise: If an access token is compromised, it only grants limited access because it has a short lifespan and can be easily revoked.
* Client Credentials: The client credentials (client ID and secret) are not exposed during API calls, reducing the risk of them being compromised.
* Token Refresh: New tokens can be obtained without exposing the client credentials again.
* Comparison with API Keys:
* API Keys: If an API key is compromised, it often provides long-term access without expiration.
Revoking the API key impacts all users or applications using it.
* OAuth Tokens: Compromised tokens can be individually revoked without needing to change the client credentials, minimizing disruption.
References
* OAuth 2.0 Framework: OAuth 2.0
* MuleSoft Security Best Practices: API Security
Asakawa 2026-07-06 11:31:51
コメント
他人の解答コメントを賛成するのも、その解答に一票を入れることになります。したがって、すでに同じ意見の投票コメントが存在する場合、新規コメントをする代わりに賛成することもできます。
コメントを通報する
コメント中
今すぐ 新規登録 / ログイン (無料です)。