What is an advantage of using OAuth 2.0 client credentials and access tokens over only API keys for API authentication?
The advantage of using OAuth 2.0 client credentials and access tokens over only API keys for API authentication is that if the access token is compromised, the client credentials do not have to be reissued.
OAuth 2.0 is a secure protocol for authenticating clients and authorizing them to access protected resources. It works by having the client authenticate with the authorization server and receive an access token, which is then used to authenticate requests to the API. If the access token is compromised, it can be revoked and replaced without needing to reissue the client credentials.
Chapter 7: Security
Section 7.2: OAuth 2.0
During a planning session with the executive leadership, the development team director presents plans for a new API to expose the data in the company's order database. An earlier effort to build an API on top of this data failed, so the director is recommending a design-first approach.
Which characteristics of a design-first approach will help make this API successful?