Exam 200-901 topic 1 question 73 discussion

A is correct. It's missing the "Bearer" word before the token on header.

C. is correct. Access token has validity of only 12 hours. I tried using an expired token and got 401. { "errors": [ { "description": "The request requires a valid access token set in the Authorization request header." } ], "message": "The request requires a valid access token set in the Authorization request header.", "trackingId": "ROUTER_6011BD76-C99C-01BB-5AFD-AC12F8F25AFD" } 401

First off, this is a junk question filled with "gotchas". Yes, they're doing a POST when the API docs say it should be a get. If that was really the problem, we'd be getting a 400 Bad Request. When an API is designed properly to require authentication/authorization, a 401 takes precedence over a 400. You don't want randos bombing your API with bad requests looking for weaknesses. Auth/auth happens first. Both A and C would produce a 401, as demonstrated by others. In the absence of information suggesting otherwise, that leaves A as the most plausible since we know it produces a 401, and there's no indication that enough time has passed for the token to be expired.

A is correct. I had this exact problem when I was doing the Webex labs in the devnet course. I left "Bearer: " out of the token string and it returned a 401 error. When I added that to the token string, it worked.

C. Is correct. for the 401 response

The correct answer is A: https://developer.webex.com/docs/api/v1/messages/list-messages#:~:text=401,missing%20or%20incorrect.

A is obious

C is correct , we would get HTTP 400 is it was missing bearer word due to bad request

A ; missing "Bearer" word after header name "Authorization"

A is correct. It's missing the "Bearer" word before the token on header.

Clearly A. Header is malformed since it's missing the "Bearer" keyword. Not B because you would get a 400 error. Not C since the token in the page showed is always valid for 12h since last page refresh (so showing the page somehow implies the usage of a valid token). Not D since that would produce another type of error about insufficient priviledges for that user (but authorization to use the API would occur correctly), like a 403 forbidden or something similar.

The answer is C, search on this page “if you allow the access token to expire” https://developer.webex.com/blog/real-world-walkthrough-of-building-an-oauth-webex-integration

I think it is C. Look near the bottom of this page https://developer.webex.com/docs/integrations

Why do so many people think this should be a GET request when you can clearly see in the POST data that the user is sending text to a specific chat room (\"text\": \"test2\"), not asking for a list of them.

Read: https://developer.webex.com/docs/api/basics look at the section "--header "Authorization: Bearer ACCESS_TOKEN" \" A is Correct.

As someone else mentioned... the goal of the API above the curl statement was to get a list of messages, not POST to the message room. Even if the Bearer was in the header, the user would have been denied access. We aren't trying to post a message, we want to get the messages. Everything about the API docs is to "LIST" messages and not POST. In order to do that, we need to "GET". The curl statement is essentially doing the wrong thing. D is the answer.

I think this question have to be remake. The Method used was POST and not GET as in the API description, but then the option D doesn't fit what we are trying to do