39 Questions
Which type of API does Flow.BI provide?
Both REST API and SQL API
What is the basis of security for Flow.BI's API?
API keys
Where can API keys be created in Flow.BI?
On the user's profile page
Flow.BI provides three API’s at the moment: REST API, SQL API, and GraphQL API.
False
Flow.BI's API security is not based on user credentials.
False
API keys in Flow.BI can only be created by administrators.
False
Match the following API's with their corresponding security type in Flow.BI:
REST API = User credentials SQL API = API keys GraphQL API = User profile JavaScript API = None of the above
Match the following API keys with the correct location where they are created in Flow.BI:
User API keys = REST API Admin API keys = GraphQL API
Match the following API types with their corresponding number in Flow.BI:
REST API = 1 SQL API = 2 GraphQL API = 3 JavaScript API = 4
Match the following API key usage scenarios with their descriptions:
Authentication = Used to authenticate a user, developer, or calling program to an API Authorization = Used to authorize a user, developer, or calling program to access specific resources or perform specific actions on an API Rate limiting = Used to limit the number of requests that a user, developer, or calling program can make to an API Usage tracking = Used to track the usage of an API by users, developers, and calling programs
Match the following API key security tips with their recommendations:
Keep your API keys secret = Do not share your API keys with anyone you do not trust Use strong API keys = API keys should be long and complex to make them difficult to guess or crack Rotate your API keys regularly = Reduce the risk of unauthorized access by regularly changing your API keys Monitor your API usage = Watch out for suspicious activity, such as a sudden increase in the number of requests from a particular user or IP address
Match the following API key characteristics with their definitions:
Unique identifier = A value that is different for each user, developer, or calling program Long strings of random characters = Typical format for API keys Generated by the API provider = Who is responsible for creating API keys Passed to the API in a variety of ways = Different methods of providing API keys to the API
Match the following API key usage scenarios with their explanations:
Authentication = Used to verify the identity of the user, developer, or calling program Authorization = Determines what actions or resources the user, developer, or calling program is allowed to access Rate limiting = Prevents abuse of the API by limiting the number of requests that can be made within a certain time period Usage tracking = Provides information on how the API is being used, including who is using it and how often
Match the following API key best practices with their descriptions:
Keep your API keys secret = To prevent unauthorized access to your API Use strong API keys = To make it difficult for attackers to guess or crack the key Rotate your API keys regularly = To minimize the impact of a compromised key Monitor your API usage = To detect and respond to suspicious activity
Match the following API key security measures with their explanations:
Keeping API keys secret = Protects against unauthorized access Using strong API keys = Increases the difficulty of guessing or cracking the key Rotating API keys regularly = Reduces the risk of unauthorized access by changing the key Monitoring API usage = Helps to identify and respond to potential security issues
Match the following API key characteristics with their definitions:
Generated by the API provider = The entity responsible for creating the API key Long and complex = Desirable traits for an API key to make it difficult to guess or crack Passed to the API in a variety of ways = Different methods of providing the API key to the API Used for a variety of purposes = Authentication, authorization, rate limiting, and usage tracking
Match the following API key usage scenarios with their descriptions:
Authentication = The process of verifying the identity of the user, developer, or calling program Authorization = Determines what actions or resources the user, developer, or calling program is allowed to access Rate limiting = Limits the number of requests that can be made to the API within a certain time period Usage tracking = Provides information on how the API is being used, including who is using it and how often
Match the following API key security measures with their explanations:
Keeping API keys secret = Prevents unauthorized access to the API Using strong API keys = Increases the security of the API by making it harder to guess or crack the key Rotating API keys regularly = Reduces the risk of unauthorized access by changing the key Monitoring API usage = Detects and responds to suspicious or abnormal activity
Match the following API key usage scenarios with their descriptions:
Authentication = Verifies the identity of the user, developer, or calling program Authorization = Determines what actions or resources the user, developer, or calling program is allowed to access Rate limiting = Prevents abuse of the API by limiting the number of requests that can be made Usage tracking = Provides information on how the API is being used
Which of the following is NOT a purpose of API keys?
Data encryption
What is the main function of API keys in API security?
To control access to APIs
How should API keys be kept to ensure security?
Rotated regularly
In what ways can API keys be passed to an API?
In the body of an HTTP request
What is the recommended length and complexity for API keys?
Long and complex
Who typically uses API keys to authenticate and authorize with an API?
Calling programs
What is one of the purposes of rate limiting with API keys?
To prevent unauthorized access
Why should API keys be kept secret and not shared with untrusted individuals?
To reduce the risk of unauthorized access
What can API keys be used to track?
API usage
What is an important part of API security that API keys help with?
Access control
API keys are used to authenticate and authorize a human user to an API.
False
API keys are typically generated by the API provider as long strings of random characters.
True
API keys can only be passed to the API in the header of an HTTP request.
False
API keys can be used for authentication, authorization, rate limiting, and usage tracking.
True
API keys are not important for API security.
False
It is not necessary to rotate API keys regularly to reduce the risk of unauthorized access.
False
Monitoring API usage is not necessary for API security.
False
API keys should be kept secret and shared with trusted individuals only.
True
API keys can be used to track the usage of an API by users, developers, and calling programs.
True
API keys can be used to access specific resources or perform specific actions on an API.
True
Test your knowledge on API keys and their usage in Flow.BI's REST API and SQL API. Learn about the security measures based on user credentials and explore how to create and manage API keys in Flow.BI's user profile.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free