Which of the following is a security requirement for REST APIs in Salesforce?

Transport Layer Security (TLS) is a fundamental security requirement for REST APIs in Salesforce. TLS encrypts the data transmitted between the client and the server, ensuring that sensitive information is protected from eavesdropping and tampering during transit. This encryption is critically important, especially when handling personal or business data, as it provides a secure channel over insecure networks like the internet.

By mandating the use of TLS, Salesforce helps ensure that API calls are conducted securely, safeguarding both the integrity and confidentiality of the information being exchanged. This is a standard practice in secure web communication and is particularly vital for APIs, where data can be exposed to various forms of attacks if not adequately protected.

The other options present scenarios that do not align with Salesforce's security model for REST APIs. For example, while basic authentication is a method available for APIs, it is not a requirement; instead, OAuth is a preferred and more secure method commonly used. Similarly, stating that REST APIs cannot support OAuth is inaccurate, as OAuth is widely implemented in Salesforce for secure access. The assertion that REST APIs use only user credentials fails to capture the broader authentication methods available, reflecting a misinterpretation of best practices in API security.