Which statement is correct regarding the functionality of REST APIs?

The statement that REST APIs can initiate identity provisioning is correct because REST (Representational State Transfer) APIs are designed to provide a standard way for applications to communicate over the HTTP protocol. This communication model allows for various operations, including creating, reading, updating, and deleting resources.

In the context of identity management, REST APIs facilitate actions such as user creation and modifications, group memberships, and entitlements management, all of which are integral to the provisioning process. By leveraging REST APIs, organizations can automate and streamline the onboarding and offboarding of users, ensuring that identity provisioning is both efficient and scalable.

The other statements lack accuracy in relation to the capabilities of REST APIs. For instance, while REST APIs may automate tasks like password resets, they are not limited to this functionality alone; they can support a broad range of operations. Additionally, REST APIs are certainly not confined to read operations; they enable full CRUD (Create, Read, Update, Delete) functionality. Therefore, the ability of REST APIs to initiate identity provisioning aligns well with their versatile nature in enabling varied operations beyond mere access requests or read limits.