Web Apps make API requests in the context of an end user and are issued what credentials?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Marketing Cloud Developers Certification Exam. Dive into multiple-choice questions with detailed explanations and hints. Enhance your skills and ensure success with targeted prep.

Multiple Choice

Web Apps make API requests in the context of an end user and are issued what credentials?

Explanation:
Web apps act as confidential clients in OAuth and must prove their identity to the authorization server when requesting tokens. The credentials they’re issued are a client identifier (client ID) and a client secret. The client ID lets the server know which application is making the request, while the client secret proves that the request is coming from the legitimate, registered app. When the app exchanges an authorization code for tokens, it includes both the client ID and the client secret to authenticate itself. Using only a client ID wouldn’t verify the app’s identity, and usernames/passwords belong to the end user, not the app, in this flow. A refresh token is a token for obtaining new access tokens later, not the credentials used to identify the application during the initial request.

Web apps act as confidential clients in OAuth and must prove their identity to the authorization server when requesting tokens. The credentials they’re issued are a client identifier (client ID) and a client secret. The client ID lets the server know which application is making the request, while the client secret proves that the request is coming from the legitimate, registered app. When the app exchanges an authorization code for tokens, it includes both the client ID and the client secret to authenticate itself.

Using only a client ID wouldn’t verify the app’s identity, and usernames/passwords belong to the end user, not the app, in this flow. A refresh token is a token for obtaining new access tokens later, not the credentials used to identify the application during the initial request.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy