Which authentication method does an enhanced Marketing Cloud App package use to acquire an access token on behalf of a user?

Study for the Marketing Cloud Developers Certification Test with flashcards and multiple choice questions. Each question offers hints and explanations. Prepare effectively for your exam success!

Multiple Choice

Which authentication method does an enhanced Marketing Cloud App package use to acquire an access token on behalf of a user?

Explanation:
OAuth 2.0 with user consent is the mechanism for an enhanced Marketing Cloud App Package to act on behalf of a specific user. In this flow, the app redirects the user through an authorization step, and then uses the v2/userinfo endpoint as part of that process to obtain the access token tied to that user along with the user’s identity. This ensures the app can perform actions using the user’s permissions and can tailor behavior to who is signed in.

This approach is the right fit because the scenario requires acting with a user’s authorization and context. A JWT-based server-to-server flow would issue a token for the app itself without a specific user, which isn’t suitable when the app must operate on behalf of a person. API keys in headers bypass OAuth and don’t provide per-user authorization, and basic authentication with a username and password is insecure and not how enhanced App Packages are designed to authenticate.
