Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce Exam MuleSoft Platform Architect I Topic 4 Question 24 Discussion

Actual exam question for Salesforce's MuleSoft Platform Architect I exam
Question #: 24
Topic #: 4
[All MuleSoft Platform Architect I Questions]

An API is protected with a Client ID Enforcement policy and uses the default configuration. Access is requested for the client application to the API, and an approved

contract now exists between the client application and the API

How can a consumer of this API avoid a 401 error "Unauthorized or invalid client application credentials"?

Show Suggested Answer Hide Answer
Suggested Answer: C

When using the Client ID Enforcement policy with default settings, MuleSoft expects the client_id and client_secret to be provided in the URI parameters of each request. This policy is typically used to control and monitor access by validating that each request has valid credentials. Here's how to avoid a 401 Unauthorized error:

URI Parameters Requirement:

The default configuration for the Client ID Enforcement policy requires the client_id and client_secret to be included in each request's URI parameters. This is a straightforward way to authenticate API requests without additional configurations.

Why Option C is Correct:

Providing client_id and client_secret in the URI parameters meets the policy's requirements for each request, ensuring authorized access and avoiding the 401 error.

of Incorrect Options:

Option A (sending a token in the header) would be applicable for token-based authentication (like OAuth 2.0), not Client ID Enforcement.

Option B (request body) and Option D (header) are not valid locations for client_id and client_secret under the default configuration of Client ID Enforcement, which expects them in the URI.

Reference For more details, consult MuleSoft's documentation on Client ID Enforcement policies and expected request configurations


by Ranee at Jan 25, 2025, 04:55 AM

Limited Time Offer

25%

Off

Get Premium MuleSoft Platform Architect I Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Micah
29 days ago
Wait, we're not supposed to send the client secret as a URI parameter? But that's how I've been doing it all this time! No wonder my API has been getting 'hacked' daily.
upvoted 0 times
Joanne
11 days ago
B) Send the obtained: client_id and client_secret in the request body
upvoted 0 times
...
Dewitt
17 days ago
A) Send the obtained token as a header in every call
upvoted 0 times
...
...
Sunshine
1 months ago
Ah, the age-old dilemma of client credentials vs. token-based authentication. I'd say A is the way to go, unless you want your API to be hacked faster than a celebrity's Twitter account.
upvoted 0 times
Gabriele
21 days ago
User 2: Agreed, it's the most secure way to avoid unauthorized access.
upvoted 0 times
...
Jamal
23 days ago
User 1: I think sending the obtained token as a header is the best option.
upvoted 0 times
...
...
Elfrieda
1 months ago
B and C seem like they're just giving away the client secret, which is a big no-no. A is the way to go, no doubt.
upvoted 0 times
Vicky
16 hours ago
User2: Got it, thanks for the clarification
upvoted 0 times
...
Gwenn
6 days ago
User3: User1 is right, A is the way to go to avoid exposing client_secret
upvoted 0 times
...
Junita
14 days ago
User2: B) Send the obtained: client_id and client_secret in the request body
upvoted 0 times
...
Ardella
17 days ago
User1: A) Send the obtained token as a header in every call
upvoted 0 times
...
...
Lasandra
2 months ago
Hmm, I'm torn between A and D. I guess I'll go with A, it sounds like the more straightforward option.
upvoted 0 times
Lamonica
3 days ago
Antonio: Definitely, it's important to ensure the client application credentials are valid.
upvoted 0 times
...
Dean
25 days ago
User 3: I agree, it's the most straightforward option to avoid a 401 error.
upvoted 0 times
...
Antonio
29 days ago
User 2: Yeah, sending the token as a header in every call seems like the best choice.
upvoted 0 times
...
Jospeh
30 days ago
User 1: I think option A is the way to go.
upvoted 0 times
...
...
Tiffiny
2 months ago
I'm not sure, but I think sending client_id and client_secret in the header makes sense for security reasons.
upvoted 0 times
...
Sherita
2 months ago
I think the answer is A. Sending the obtained token as a header in every call is the correct way to avoid a 401 error.
upvoted 0 times
German
1 months ago
User2: Yes, you're right. That's the way to go to prevent unauthorized access.
upvoted 0 times
...
Kimbery
1 months ago
User1: I think the answer is A. Sending the obtained token as a header in every call is the correct way to avoid a 401 error.
upvoted 0 times
...
...
Maybelle
2 months ago
I disagree, I believe the correct answer is D) Send the obtained client_id and client_secret in the header of every API Request call.
upvoted 0 times
...
Matthew
2 months ago
I think the answer is A) Send the obtained token as a header in every call.
upvoted 0 times
...

Save Cancel