Valid Statements for API Configuration in Oracle Cloud Platform

BD.

The API Platform Cloud Service is an Oracle Cloud service that provides a platform for designing, prototyping, documenting, testing, and managing APIs. It also provides features to secure and monitor APIs. When configuring APIs, Services, and Service Accounts in the API Platform Cloud Service, the following statements are valid:

A. An API Platform policy can be configured to reference another policy to override credentials information.

This statement is true. The API Platform Cloud Service provides policies that can be applied to APIs, Services, and Service Accounts to define the security, traffic management, and transformation rules. These policies can be chained to form a policy pipeline that defines the behavior of the API. A policy can reference another policy to override some of its settings, including credentials information.

B. An API references Services and Service Accounts through the policies defining the API.

This statement is also true. When designing an API, it is necessary to define the back-end services that the API will invoke. These services are defined as Services in the API Platform Cloud Service. Each Service requires a set of security credentials to invoke the back-end service. These credentials are defined in a Service Account. The API references the Services and Service Accounts through the policies defining the API.

C. A Service Account is limited to using OAuth credentials only for defining security because Services can be configured to define Basic Authentication.

This statement is false. The Service Account defines the security credentials required to invoke a back-end service, and it can use different types of security mechanisms, including OAuth, Basic Authentication, or custom authentication schemes.

D. A Service Account defines the security credentials required to invoke a back-end service.

This statement is true. A Service Account defines the security credentials required to invoke a back-end service. These credentials can include OAuth tokens, Basic Authentication credentials, or other types of security information.

E. A Service must include a Service Account reference to invoke a back-end service.

This statement is also false. A Service references a Service Account to obtain the security credentials required to invoke a back-end service, but it is not mandatory to have a Service Account associated with a Service. A Service can be configured to use a default set of security credentials or a specific set of credentials defined in a policy.