Access Permissions
If the backend has role-based security, then you must have one of the required roles. In addition, some APIs have further restrictions, as shown in the following table:
| Platform | Base Endpoint | Permissions Required |
|---|---|---|
| Analytics Collector | /mobile/platform/analytics/ |
You can access these operations as a social user, a virtual user, an anonymous user, or a mobile user. If you access an operation as a virtual user or a mobile user, then you must have the role that's associated with the mobile backend. |
| App Policies | /mobile/platform/appconfig/ |
You can access these operations as a social user, a virtual user, an anonymous user, or a mobile user. If you access an operation as a virtual user or a mobile user, then you must have the role that's associated with the mobile backend. |
| Auth Token | /mobile/platform/auth/token |
Either set the Authorization header to Basic base64-client-id:client-secret or omit the header. If you omit the header, then you must provide in the form data either the client assertion and client assertion type or the client ID and client secret. |
| Database Access | /mobile/platform/database/ |
For security reasons, you can call these operations only from custom API implementations by using the custom code SDK. You can't make direct requests from client applications. This API is included in this reference merely to describe the request and response bodies for the custom code SDK calls. |
| Database Management | /mobile/system/databaseManagement/ |
You must be a team member with either the Administrator or Developer role. |
| Devices | /mobile/platform/devices/ |
You can access these operations as a social user, a virtual user, an anonymous user, or a mobile user. If you access an operation as a virtual user or a mobile user, then you must have the role that's associated with the mobile backend. However, if you wish to set the user property, then you must be a team member with either the Administrator or Developer role. |
| Location | /mobile/platform/location/ |
You can access these operations as a social user, a virtual user, an anonymous user, or a mobile user. If you access an operation as a virtual user or a mobile user, then you must have the role that's associated with the mobile backend. |
| Location Management | /mobile/system/locationManagement/ |
You must be a team member with the Administrator role. |
| My Profile | /mobile/platform/users/ |
You can access these operations as a social user, a virtual user, or a mobile user. If you access an operation as a virtual user or a mobile user, then you must have the role that's associated with the mobile backend. |
| My Profile Extended Operations | /mobile/platform/extended/users/ |
For security reasons, you can call these operations only from custom API implementations by using the custom code SDK. You can't make direct requests from client applications. This API is included in this reference merely to describe the request and response bodies for the custom code SDK calls. |
| Notifications | /mobile/system/notifications |
You must be a team member with either the Administrator or Developer. |
| Storage | /mobile/platform/storage/ |
Access to these operations depend on whether the collection is shared or isolated, whether it's listed in the Security_CollectionsAnonymousAccess environment policy, and whether you need READ or READ_WRITE access. For details, see the individual operations. |