Which statement is correct about the Salesforce APIs in a native mobile application context?

In the context of Salesforce APIs for a native mobile application, stating that the REST API supports OAuth is accurate and significant. OAuth is a widely adopted authorization framework that allows applications to obtain limited access to user accounts on an HTTP service, such as Salesforce. This is crucial for mobile applications where secure, token-based access to resources is needed to protect user data and maintain session security.

The REST API's integration with OAuth enables mobile applications to authenticate users more easily and securely, enhancing user experience while ensuring that sensitive operations are performed reliably. As mobile apps often operate in environments with varying levels of security, leveraging OAuth through the REST API allows developers to implement best practices for security.

When considering the other options, the Enterprise WSDL is primarily used for SOAP-based connections and does not inherently minimize payload size or provide OAuth support, which is tailored more for REST. While WS-Security can be applied in SOAP communications, it's not relevant in the context of the REST API, which operates differently. Thus, the focus on OAuth support within the REST API accurately highlights its suitability for native mobile application contexts.