What is the recommended practice for storing client credentials in an API Integration?

Study for the Marketing Cloud Developers Certification Test with flashcards and multiple choice questions. Each question offers hints and explanations. Prepare effectively for your exam success!

Multiple Choice

What is the recommended practice for storing client credentials in an API Integration?

Explanation:
Keep credentials on the server and store them securely. For an API integration, the client should never see secrets like API keys or client secrets. Your backend should hold these credentials in a secure store (environment variables, a secrets manager, or an encrypted vault) and perform the API calls on behalf of the client. This dramatically reduces the risk of exposure, because anything placed in browser-side code, localStorage, or URL parameters can be inspected, accessed by malicious scripts, or logged in browser history and server logs.

If you need to authenticate requests from a client, use short-lived tokens obtained through a secure server-side flow, and keep the actual secrets hidden from the client. Ensure all communications occur over TLS and rotate credentials regularly.

