Which statement is correct with respect to OAuth API protection services offered by IBM Security Verify Access?

Which statement is correct with respect to OAuth API protection services offered by IBM Security Verify Access?
A . A single web reverse proxy cannot be both a point of contact server and an enforcement point for OAuth clients
B . A confidential API protection client must have a client secret associated with it
C . An API protection client can be associated with multiple API protection definitions
D . IBM Security Verify Access implements an OAuth token endpoint to validate access tokens

View Answer

Answer: B