CAPIE - Chapter 1.6 - Introduction to APIs MCQ

1. Which of the following best describes an API (Application Programming Interface)?

A. A tool for directly modifying an application's source code

B. A specification that allows different software components to communicate

C. A library exclusively used for graphical user interfaces

D. A low-level hardware driver

Correct Answer: B
Explanation: An API defines the rules and protocols that let different software components communicate.

2. What is a key characteristic of RESTful APIs compared to SOAP APIs?

A. REST only uses XML for data transfer

B. REST is a protocol, while SOAP is an architectural style

C. REST typically uses JSON, whereas SOAP relies on XML

D. REST requires stateful connections to function properly

Correct Answer: C
Explanation: REST commonly uses JSON (though it can support other formats), whereas SOAP relies on XML.

3. Which of the following describes Basic Authentication?

A. A method that encrypts the username and password using a secure algorithm

B. A token-based authentication method requiring OAuth 2.0 flows

C. A method where user credentials are Base64-encoded and sent with each request

D. A method that uses refresh tokens to obtain new access tokens

Correct Answer: C
Explanation: Basic Authentication encodes the username and password in Base64, which is not encryption.

4. In the context of API security, which statement is true about OAuth 2.0?

A. OAuth 2.0 only works with SOAP APIs

B. OAuth 2.0 is primarily for user authentication and does not handle authorization

C. OAuth 2.0 uses tokens (access tokens, refresh tokens) for delegated access

D. OAuth 2.0 requires a dedicated hardware security module to function

Correct Answer: C
Explanation: OAuth 2.0 issues tokens (access tokens, refresh tokens) to enable delegated access without exposing user credentials.

5. Which of the following most accurately describes JSON Web Tokens (JWT)?

A. Tokens that are generated only for database operations

B. XML-formatted tokens primarily used in SOAP APIs

C. A compact, URL-safe token format consisting of Header, Payload, and Signature

D. A decommissioned standard that was replaced by XML encryption

Correct Answer: C
Explanation: JWTs feature a header, payload, and signature in a compact, URL-safe format.

6. In a microservices architecture, an API Gateway typically:

A. Directly stores all user data and credentials

B. Only handles authentication for internal users

C. Routes incoming requests to the appropriate microservice and can manage cross-cutting concerns (e.g., rate limiting)

D. Replaces the need for any access control in the microservices themselves

Correct Answer: C
Explanation: An API Gateway routes requests to microservices and can manage logging, caching, and rate limiting.

7. What is an advantage of serverless architecture for APIs?

A. Eliminates all security concerns

B. Requires no maintenance or updates for code

C. Automatically manages server resources, allowing you to focus on code rather than infrastructure

D. Guarantees stateful sessions across all functions

Correct Answer: C
Explanation: Serverless computing abstracts away server management, letting developers focus on code rather than infrastructure details.

8. Which of the following is a correct description of RBAC (Role-Based Access Control)?

A. Access rights are determined randomly for each user

B. Users are granted privileges directly without any conceptual groupings

C. Users are assigned roles that each have predefined permissions

D. Access is decided solely by analyzing API traffic volume

Correct Answer: C
Explanation: In RBAC, users are assigned roles, and each role has specific permissions.

9. When documenting an API, it is most important to:

A. Provide only the list of endpoints without specifying input parameters

B. Hide error codes to avoid confusing the user

C. Provide clear examples of requests and responses, along with authentication details

D. Focus exclusively on the front-end framework used

Correct Answer: C
Explanation: Comprehensive documentation should clearly explain request/response formats, parameters, error handling, and security.

10. A major security pitfall in API documentation is:

A. Including clear examples of valid requests

B. Using standardized formats like OpenAPI

C. Omitting critical details such as authentication methods and rate limits

D. Explaining how an API Gateway handles requests

Correct Answer: C
Explanation: Leaving out critical details—like how to authenticate or the existence of rate limits—can create security blind spots.