Test your knowledge on authentication (AuthN) and authorization (AuthZ) for APIs, including differences between sessions and tokens, using scopes and roles, and methods for testing protected endpoints. Ideal for learners wanting to grasp key concepts in securing API access.
Which process verifies the identity of a user trying to access an API?
If a user is recognized but needs their access level determined before using an endpoint, which process handles this scenario?
Which mechanism often uses a server-side record to keep track of a user's login state, known as a session?
In an API context, which item is commonly used to represent the user's identity and permissions in a stateless way?
What is generally used within tokens to define what actions a user can perform, such as 'read' or 'write'?
Which step is necessary when testing an API endpoint that requires authentication?
If Alice logs in and then tries to access admin data, which process checks whether she has the right permissions?
Which issue occurs if an API endpoint does not verify user roles before granting access to protected data?
If a user's session expires, what must typically happen before they can continue accessing protected API endpoints?
When sending a request to a protected API without authentication, what is the expected response?