Question: True or false? Most HubSpot API endpoints are public and can be accessed using client-side JavaScript.
- True
- False
Explanation
API access should be handled through secure server-side logic because protected resources require valid credentials and permissions. In Amazon Ads, an application must use OAuth 2.0 authorization before it can act on behalf of an advertiser. Access tokens allow API calls to retrieve or manage advertiser data, so exposing them in browser-side code creates avoidable security risk. Client-side JavaScript is not appropriate for handling secrets, refresh tokens, or protected advertiser operations. Secure integrations should keep authorization handling outside publicly visible code.
Why the other options are incorrect
True This incorrectly treats protected API access as public browser-side access.
Source for verification
https://advertising.amazon.com/API/docs/en-us/reference/concepts/overview
https://advertising.amazon.com/API/docs/en-us/guides/account-management/authorization/access-tokens
The answer(s) to the question is highlighted in the BOLD text above. You can also find more questions and answers related to the exams on the "Integrating With HubSpot I: Foundations" page.