Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location
Mob_nav_barsMENU

Salesforce Exam Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) Topic 4 Question 24 Discussion

Actual exam question for Salesforce's Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) exam
Question #: 24
Topic #: 4
[All Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) Questions]

An API is protected with a Client ID Enforcement policy and uses the default configuration. Access is requested for the client application to the API, and an approved

contract now exists between the client application and the API

How can a consumer of this API avoid a 401 error "Unauthorized or invalid client application credentials"?

Show Suggested Answer Hide Answer
Suggested Answer: C

When using the Client ID Enforcement policy with default settings, MuleSoft expects the client_id and client_secret to be provided in the URI parameters of each request. This policy is typically used to control and monitor access by validating that each request has valid credentials. Here's how to avoid a 401 Unauthorized error:

URI Parameters Requirement:

The default configuration for the Client ID Enforcement policy requires the client_id and client_secret to be included in each request's URI parameters. This is a straightforward way to authenticate API requests without additional configurations.

Why Option C is Correct:

Providing client_id and client_secret in the URI parameters meets the policy's requirements for each request, ensuring authorized access and avoiding the 401 error.

of Incorrect Options:

Option A (sending a token in the header) would be applicable for token-based authentication (like OAuth 2.0), not Client ID Enforcement.

Option B (request body) and Option D (header) are not valid locations for client_id and client_secret under the default configuration of Client ID Enforcement, which expects them in the URI.

Reference For more details, consult MuleSoft's documentation on Client ID Enforcement policies and expected request configurations


by Ranee at Jan 25, 2025, 04:55 AM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cristy
5 days ago
A is definitely the way to go, always send the token in the header!
upvoted 0 times
...
Charlesetta
11 days ago
I vaguely recall that sending credentials as URI parameters can expose them in logs, so I think that’s not a good idea. I’d lean towards option D instead.
upvoted 0 times
...
Gwen
16 days ago
I’m a bit confused about whether sending client_id and client_secret in the body is secure enough. I feel like headers are generally preferred for sensitive data.
upvoted 0 times
...
Marnie
22 days ago
I think we discussed something similar in class where we had to send credentials in the header. I feel like option A might be the right choice.
upvoted 0 times
...
Lonna
28 days ago
I remember that sending the token in the header is a common practice, but I'm not sure if that's the only way to avoid the 401 error.
upvoted 0 times
...
Mammie
28 days ago
The question states that the API is using the default configuration for the Client ID Enforcement policy, so the best way to avoid the 401 error is to send the obtained token as a header in every call. This is the most secure and recommended approach.
upvoted 0 times
...
Brigette
28 days ago
I'm not entirely sure about this one. Should I be sending the client_id and client_secret in the header or the request body? I want to make sure I understand the right approach before submitting my answer.
upvoted 0 times
...
Galen
28 days ago
Based on the question, the API is using a Client ID Enforcement policy, so the correct answer is to send the obtained token as a header in every call. This is the standard way to authenticate with an API protected by this type of policy.
upvoted 0 times
...
Rocco
28 days ago
Hmm, I'm a bit confused. Do I need to send the client_id and client_secret in the request body or as URI parameters? I'm not sure which one is the right approach.
upvoted 0 times
...
Niesha
1 months ago
The key here is to send the obtained token as a header in every call. That's the correct way to authenticate with the API and avoid the 401 error.
upvoted 0 times
...
Micah
8 months ago
Wait, we're not supposed to send the client secret as a URI parameter? But that's how I've been doing it all this time! No wonder my API has been getting 'hacked' daily.
upvoted 0 times
Joanne
8 months ago
B) Send the obtained: client_id and client_secret in the request body
upvoted 0 times
...
Dewitt
8 months ago
A) Send the obtained token as a header in every call
upvoted 0 times
...
...
Sunshine
8 months ago
Ah, the age-old dilemma of client credentials vs. token-based authentication. I'd say A is the way to go, unless you want your API to be hacked faster than a celebrity's Twitter account.
upvoted 0 times
Gabriele
8 months ago
User 2: Agreed, it's the most secure way to avoid unauthorized access.
upvoted 0 times
...
Jamal
8 months ago
User 1: I think sending the obtained token as a header is the best option.
upvoted 0 times
...
...
Elfrieda
9 months ago
B and C seem like they're just giving away the client secret, which is a big no-no. A is the way to go, no doubt.
upvoted 0 times
Vicky
7 months ago
User2: Got it, thanks for the clarification
upvoted 0 times
...
Gwenn
8 months ago
User3: User1 is right, A is the way to go to avoid exposing client_secret
upvoted 0 times
...
Junita
8 months ago
User2: B) Send the obtained: client_id and client_secret in the request body
upvoted 0 times
...
Ardella
8 months ago
User1: A) Send the obtained token as a header in every call
upvoted 0 times
...
...
Lasandra
9 months ago
Hmm, I'm torn between A and D. I guess I'll go with A, it sounds like the more straightforward option.
upvoted 0 times
Lamonica
7 months ago
Antonio: Definitely, it's important to ensure the client application credentials are valid.
upvoted 0 times
...
Dean
8 months ago
User 3: I agree, it's the most straightforward option to avoid a 401 error.
upvoted 0 times
...
Antonio
8 months ago
User 2: Yeah, sending the token as a header in every call seems like the best choice.
upvoted 0 times
...
Jospeh
8 months ago
User 1: I think option A is the way to go.
upvoted 0 times
...
...
Tiffiny
9 months ago
I'm not sure, but I think sending client_id and client_secret in the header makes sense for security reasons.
upvoted 0 times
...
Sherita
9 months ago
I think the answer is A. Sending the obtained token as a header in every call is the correct way to avoid a 401 error.
upvoted 0 times
German
8 months ago
User2: Yes, you're right. That's the way to go to prevent unauthorized access.
upvoted 0 times
...
Kimbery
9 months ago
User1: I think the answer is A. Sending the obtained token as a header in every call is the correct way to avoid a 401 error.
upvoted 0 times
...
...
Maybelle
9 months ago
I disagree, I believe the correct answer is D) Send the obtained client_id and client_secret in the header of every API Request call.
upvoted 0 times
...
Matthew
9 months ago
I think the answer is A) Send the obtained token as a header in every call.
upvoted 0 times
...

Save Cancel