Which statement about REST API requests is false?

• A. A REST request consists of a resource URI, an HTTP method, request headers, and a request body
• B. REST uses URIs to address resources and links between them
• C. A REST request is accessed using standard HTTP methods such as HEAD, GET, POST, PATCH, DELETE
• D. A REST request requires authentication via OAuth in every call

Answer: (D)

REST API requests are built around a resource URI, an HTTP method, request headers, and often a request body. The resource is identified by its URI, and links between resources enable navigation and discoverability within the API. Standard HTTP methods like HEAD, GET, POST, PATCH, and DELETE are used to perform actions on those resources. The authentication part, however, is not defined by REST itself. How you prove identity or authorize access is a design choice of the API, and many APIs use OAuth, but others rely on API keys, JWTs, Basic authentication, or even public access for certain endpoints. Because authentication via OAuth in every call is not a universal requirement of REST, that statement is false, while the others accurately describe how REST requests are formed and used.