Which of the following is a disadvantage of using a static embedded API Key for client
authentication to a web service?

A.
API Keys require the use of a certificate issued by a commercial Certificate Authority.

B.
API Keys are used with asymmetric cryptography, which is slow and can negatively impact the
performance of the client application.

C.
API Keys cannot be transmitted over HTTPS, so they are open to compromise.

D.
API Keys can be discovered and abused by an attacker.

Explanation: