IBM Maximo Application Suite v8.x Administrator — Question 43

An organization wants to secure its exposed APIs running on IBM Cloud API Connect Reserved Instances using OAuth and OpenID.
Which capabilities can help in this case?

Answer options

• A. Authentication and authorization capabilities are offered by IBM API Connect itself
• B. IBM API Connect APIs must be secured by a third party as API Connect is responsible for managing the API life cycle only
• C. IBM API Connect is providing authentication, but authorization can be provided by IAM
• D. IBM API Connect creates user registries, but OAuth isn’t allowed in API Connect, and this can be done by a third-party provider

Correct answer: A

Explanation

The correct answer is A because IBM API Connect provides built-in authentication and authorization capabilities, making it suitable for securing APIs with OAuth and OpenID. Option B is incorrect as API Connect does have security features. Option C is misleading since API Connect does offer both authentication and authorization. Option D is also incorrect because OAuth is indeed supported in API Connect.