Which statement about REST API is correct? (Choose two.)
Which statement about REST API is correct? (Choose two.)
When a user successfully authenticates to the Vault using REST API, an authentication token is returned. Each REST API call requires that a valid authentication token be provided to ensure secure communication and access control.
The answer are A and D. Statement B is incorrect because the REST API Windows authentication method does not allow skipping the logon API. Statement C is incorrect because the REST API cannot be configured to support Session Load Balancing by editing the PVConfiguration.xml and setting the AllowPVWASessionRedandancy=Yes. This setting only applies to the PVWA session load balancing feature. Statement E is incorrect because REST calls are not directly sent to the currently active Vault using Port 1858. REST calls are made to the CyberArk API Gateway, which then forwards the call to the appropriate Vault. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Implementing%20Privileged%20Account%20Security%20Web%20Services%20.htm
Answer is A. & D. https://docs.cyberark.com/PAS/13.2/en/Content/SDK/CyberArk%20Authentication%20-%20Logon_v10.htm?tocpath=Developer%7CREST%20APIs%7CAuthentication%7CLogon%7C_____1#:~:text=the%20Vault%20and%20returns%20a%20token https://docs.cyberark.com/PAS/13.2/en/Content/WebServices/Implementing%20Privileged%20Account%20Security%20Web%20Services%20.htm?tocpath=Developer%7CREST%20APIs%7C_____0#:~:text=For%20every%20REST%20API%20call%20except%20for%20Logon%2C%20the%20request%20must%20include%20an%20HTTPS%20header%20field%20named%20Authorization%2C%20containing%20the%20value%20of%20a%20session%20token%20received%20from%20the%20Logon%20activity.
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/SDK/CyberArk%20Authentication%20-%20Logon_v10.htm?TocPath=Developer%7CREST%20APIs%7CAuthentication%7CLogon%7C_____1