Chapter 04 — Understand authentication

Chapter quiz

Test yourself

You've learned why requests get rejected, how API keys and tokens work, and what OAuth does behind the scenes. Let's see what stuck.


Status codes

You make an API call and get a 401 Unauthorized. What does this mean?

You're logged in as a regular user and try to access an admin-only endpoint. What status code do you expect?


API keys

What does an API key identify?

Your engineer says 'we can't put the API key in the frontend.' Why?


Tokens

What's the main difference between an API key and a token?

In the login flow, what does the server send back after validating a user's email and password?


OAuth

When you click 'Sign in with Google' on a new app, does that app ever see your Google password?

Look at this header: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.... What type of authentication is this?


You're done with Chapter 4. You now understand why APIs reject requests, the difference between API keys and tokens, and how OAuth works behind "Sign in with Google." When your engineering team mentions 401 errors, token expiry, or API key rotation, you know exactly what they're talking about. Next up: reading API documentation.