What API policy would be LEAST LIKELY used when designing an Experience API that is intended to work with a consumer mobile phone or tablet application?
What API policy would be LEAST LIKELY used when designing an Experience API that is intended to work with a consumer mobile phone or tablet application?
When designing an Experience API for consumer mobile phones or tablet applications, the least likely policy to be used is IP whitelisting. This is because mobile devices typically have dynamic IP addresses and can connect from various locations, making it impractical to use an IP whitelist. The other options, such as OAuth 2.0 access token enforcement, Client ID enforcement, and JSON threat protection, are more suitable for securing and managing APIs accessed by mobile applications.
The answer is D. IP whitelist. An IP whitelist is a security measure that restricts access to an API based on a list of approved IP addresses. It is not ideal for a mobile phone or tablet application because these devices can have dynamic IP addresses and can connect from different locations. Therefore, it would not be practical to enforce an IP whitelist for mobile devices.
Should be D. Cannot be C because you do need JSON threat protection from API Consumers. IP address of mobile devices are not fixed, so cannot have an IP Whitelist.
the question is : "LEAST LIKELY used". in my opinion is D, because IP address for mobile devices is not fixed, so IP WHITELIST has less probability to be used
IP is not fixed in case of mobile clients
IP whitelist
Should be D. Cannot be C because you do need JSON threat protection from API Consumers. IP address of mobile devices are not fixed, so cannot have an IP Whitelist.
Answer: D