Your development team has created a structured API to retrieve vehicle data. They want to allow third parties to develop tools for dealerships that use this vehicle event data. You want to support delegated authorization against this data. What should you do?
Choose an answer
Tap an option to check your answer.
Correct answer: Build or leverage an OAuth-compatible access control system.
Why this is the answer
OAuth (Open Authorization) is an open standard for delegated authorization. It allows a third-party application to access a user's resources hosted by a different service provider (like your vehicle data API) without exposing the user's credentials to the third party. This is precisely what's needed for third-party developers to build tools for dealerships using your API. SAML 2.0 is primarily for authentication (Single Sign-On), not delegated authorization. Restricting by IP address is a security measure, not an authorization mechanism, and is inflexible for dynamic cloud environments. Creating secondary credentials for each dealer is unscalable, insecure, and defeats the purpose of delegated authorization, as it grants direct access rather than controlled, limited access.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed