Web Apps make API requests in the context of an end user and are issued what credentials?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the Marketing Cloud Developers Certification Test with flashcards and multiple choice questions. Each question offers hints and explanations. Prepare effectively for your exam success!

Multiple Choice

Web Apps make API requests in the context of an end user and are issued what credentials?

Explanation:
Web apps act as confidential clients in OAuth and must prove their identity to the authorization server when requesting tokens. The credentials they’re issued are a client identifier (client ID) and a client secret. The client ID lets the server know which application is making the request, while the client secret proves that the request is coming from the legitimate, registered app. When the app exchanges an authorization code for tokens, it includes both the client ID and the client secret to authenticate itself. Using only a client ID wouldn’t verify the app’s identity, and usernames/passwords belong to the end user, not the app, in this flow. A refresh token is a token for obtaining new access tokens later, not the credentials used to identify the application during the initial request.

Web apps act as confidential clients in OAuth and must prove their identity to the authorization server when requesting tokens. The credentials they’re issued are a client identifier (client ID) and a client secret. The client ID lets the server know which application is making the request, while the client secret proves that the request is coming from the legitimate, registered app. When the app exchanges an authorization code for tokens, it includes both the client ID and the client secret to authenticate itself.

Using only a client ID wouldn’t verify the app’s identity, and usernames/passwords belong to the end user, not the app, in this flow. A refresh token is a token for obtaining new access tokens later, not the credentials used to identify the application during the initial request.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy