Which of the following statements is true regarding OAuth support in REST APIs?

The statement that OAuth is optional and must be configured in connected apps is accurate. OAuth 2.0 is a widely adopted authorization framework that allows third-party applications to obtain limited access to an HTTP service, either on behalf of a resource owner or by consuming a service directly. In the context of Salesforce, OAuth can be utilized to enable secure access to Salesforce REST APIs.

When developing applications that connect to Salesforce's REST APIs, it is crucial to create a connected app within Salesforce where you can configure OAuth settings. This includes defining the scopes and permissions that the app will have, as well as setting up the callback URL for authorization flow. While OAuth provides an additional layer of security and is essential for certain types of integrations, it is not mandatory for all use cases; hence, it can be considered optional depending on the application requirements and the level of access needed.

The correct implementation and configuration of OAuth in connected apps help ensure that only authorized users or applications can access the data, aligning with best practices in security for API interactions. Thus, organizations can choose to implement OAuth based on their specific integration needs.