Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce Exam MuleSoft Platform Architect I Topic 4 Question 24 Discussion

Actual exam question for Salesforce's MuleSoft Platform Architect I exam
Question #: 24
Topic #: 4
[All MuleSoft Platform Architect I Questions]

An API is protected with a Client ID Enforcement policy and uses the default configuration. Access is requested for the client application to the API, and an approved

contract now exists between the client application and the API

How can a consumer of this API avoid a 401 error "Unauthorized or invalid client application credentials"?

Show Suggested Answer Hide Answer
Suggested Answer: C

When using the Client ID Enforcement policy with default settings, MuleSoft expects the client_id and client_secret to be provided in the URI parameters of each request. This policy is typically used to control and monitor access by validating that each request has valid credentials. Here's how to avoid a 401 Unauthorized error:

URI Parameters Requirement:

The default configuration for the Client ID Enforcement policy requires the client_id and client_secret to be included in each request's URI parameters. This is a straightforward way to authenticate API requests without additional configurations.

Why Option C is Correct:

Providing client_id and client_secret in the URI parameters meets the policy's requirements for each request, ensuring authorized access and avoiding the 401 error.

of Incorrect Options:

Option A (sending a token in the header) would be applicable for token-based authentication (like OAuth 2.0), not Client ID Enforcement.

Option B (request body) and Option D (header) are not valid locations for client_id and client_secret under the default configuration of Client ID Enforcement, which expects them in the URI.

Reference For more details, consult MuleSoft's documentation on Client ID Enforcement policies and expected request configurations


by Ranee at Jan 25, 2025, 04:55 AM

Limited Time Offer

25%

Off

Get Premium MuleSoft Platform Architect I Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Elfrieda
4 days ago
B and C seem like they're just giving away the client secret, which is a big no-no. A is the way to go, no doubt.
upvoted 0 times
...
Lasandra
8 days ago
Hmm, I'm torn between A and D. I guess I'll go with A, it sounds like the more straightforward option.
upvoted 0 times
...
Tiffiny
11 days ago
I'm not sure, but I think sending client_id and client_secret in the header makes sense for security reasons.
upvoted 0 times
...
Sherita
13 days ago
I think the answer is A. Sending the obtained token as a header in every call is the correct way to avoid a 401 error.
upvoted 0 times
...
Maybelle
16 days ago
I disagree, I believe the correct answer is D) Send the obtained client_id and client_secret in the header of every API Request call.
upvoted 0 times
...
Matthew
17 days ago
I think the answer is A) Send the obtained token as a header in every call.
upvoted 0 times
...

Save Cancel