content/docs/security-and-auth/app-security.html - usergrid - Git at Google



 <!DOCTYPE html>
 <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
 <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
 <head>
   <meta charset="utf-8">

   <meta name="viewport" content="width=device-width, initial-scale=1.0">

   <title>Security &amp; token authentication &mdash; Apache Usergrid 1.0 documentation</title>


     <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />


     <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
         <link rel="next" title="Using permissions" href="using-permissions.html"/>
         <link rel="prev" title="Troubleshooting" href="../push-notifications/troubleshooting.html"/>


   <script src="../_static/js/modernizr.min.js"></script>

 </head>

 <body class="wy-body-for-nav" role="document">

   <div class="wy-grid-for-nav">


     <nav data-toggle="wy-nav-shift" class="wy-nav-side">
       <div class="wy-side-nav-search">


           <a href="../index.html" class="icon icon-home"> Apache Usergrid


         </a>


             <div class="version">
               1.0
             </div>


 <div role="search">
   <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
     <input type="text" name="q" placeholder="Search docs" />
     <input type="hidden" name="check_keywords" value="yes" />
     <input type="hidden" name="area" value="default" />
   </form>
 </div>


       </div>

       <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">


               <p class="caption"><span class="caption-text">Getting Started</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../introduction/overview.html">Getting Started</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Using Usergrid</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-account.html">Creating a Usergrid Account</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-a-new-application.html">Creating a new application</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-the-api.html">Using the API</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Data Storage</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Data Queries</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters &amp; clauses</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators &amp; data types</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Entity Connections</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Push Notifications</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/overview.html">Push notifications overview</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/adding-push-support.html">Adding push notifications support</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/getting-started.html">Getting started with push notifications</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/tutorial.html">Tutorial: Push notifications sample app</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/registering.html">Registering with a notification service</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-notifiers.html">Creating notifiers</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/managing-users-and-devices.html">Managing users and devices</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-and-managing-notifications.html">Creating and managing notifications</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/troubleshooting.html">Troubleshooting</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Security &amp; Authentication</span></p>
 <ul class="current">
 <li class="toctree-l1 current"><a class="current reference internal" href="">Security &amp; token authentication</a></li>
 <li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
 <li class="toctree-l1"><a class="reference internal" href="using-roles.html">Using roles</a></li>
 <li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users &amp; app clients</a></li>
 <li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li>
 <li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
 <li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
 <li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
 <li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
 <li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li>
 </ul>
 <p class="caption"><span class="caption-text">User Management &amp; Social Graph</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management &amp; social graph</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Geo-location</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Assets &amp; Files</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../assets-and-files/uploading-assets.html">Uploading assets</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../assets-and-files/retrieving-assets.html">Retrieving assets</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../assets-and-files/folders.html">Folders</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Counters &amp; Events</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters &amp; events</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating &amp; incrementing counters</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Organizations &amp; Applications</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization &amp; application management</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/admin-user.html">Admin user</a></li>
 </ul>
 <p class="caption"><span class="caption-text">API Reference</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#sub-types">Sub-Types</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Client SDKs</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Installing Usergrid</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../installation/deployment-guide.html">Usergrid 2.1.0 Deployment Guide</a></li>
 </ul>
 <p class="caption"><span class="caption-text">More about Usergrid</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations &amp; Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code &amp; Docs</a></li>
 </ul>


       </div>
       &nbsp;
     </nav>

     <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">


       <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
         <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
         <a href="../index.html">Apache Usergrid</a>
       </nav>


       <div class="wy-nav-content">
         <div class="rst-content">
           <div role="navigation" aria-label="breadcrumbs navigation">
   <ul class="wy-breadcrumbs">
     <li><a href="../index.html">Docs</a> &raquo;</li>

     <li>Security &amp; token authentication</li>
       <li class="wy-breadcrumbs-aside">


             <a href="../_sources/security-and-auth/app-security.txt" rel="nofollow"> View page source</a>


       </li>
   </ul>
   <hr/>
 </div>
           <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
            <div itemprop="articleBody">

   <div class="section" id="security-token-authentication">
 <h1>Security &amp; token authentication<a class="headerlink" href="#security-token-authentication" title="Permalink to this headline">¶</a></h1>
 <p>Any app you put into production should feature security that protects
 your app, your users, and your app&#8217;s data. Implementing security means
 taking steps in your mobile app&#8217;s code and in your API Services BaaS
 application.</p>
 <p><strong>Important</strong>: When you register for the API Services BaaS, you get a
 sandbox application that you can use to try things out. This application
 is not for use in production. By default, the sandbox application is not
 protected by any security measures whatsoever. Use the sandbox only for
 experimentation, and only with data that isn&#8217;t in any way sensitive.</p>
 <p>When securing your app, follow these high-level steps:</p>
 <ol class="arabic simple">
 <li>Define the rules that will govern access by your app&#8217;s users to your
 app&#8217;s data and features. You do this with the admin portal by
 creating permission rules, then associating those rules with your
 users. For more information, see <a class="reference external" href="managing-access-defining-permission-rules.html">Using
 Permissions</a>.</li>
 <li>Write code through which your app&#8217;s users can verify who they are to
 your application. You do this by writing code that uses their
 username and password as credentials to initially authenticate with
 your application, then uses a token thereafter. (This authentication
 style supports the OAuth 2.0 model.) For more information, see
 <a class="reference external" href="autheticating-users-and-application-clients.html">Authenticating users &amp; app
 clients</a>.</li>
 <li>Be sure to use coding best practices that help ensure that your app
 is protected from malicious attacks. For more information, see
 <a class="reference external" href="security-best-practices.html">Security best practices</a>.</li>
 </ol>
 <p>The following illustration describes these high-level areas.</p>
 <img alt="../_images/securitymodel0.png" src="../_images/securitymodel0.png" />
 </div>


            </div>
           </div>
           <footer>

     <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">

         <a href="using-permissions.html" class="btn btn-neutral float-right" title="Using permissions" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>


         <a href="../push-notifications/troubleshooting.html" class="btn btn-neutral" title="Troubleshooting" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>

     </div>


   <hr/>

   <div role="contentinfo">
     <p>
         &copy; Copyright 2013-2015, Apache Usergrid.

     </p>
   </div>
   Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.

 </footer>

         </div>
       </div>

     </section>

   </div>


     <script type="text/javascript">
         var DOCUMENTATION_OPTIONS = {
             URL_ROOT:'../',
             VERSION:'1.0',
             COLLAPSE_INDEX:false,
             FILE_SUFFIX:'.html',
             HAS_SOURCE:  true
         };
     </script>
       <script type="text/javascript" src="../_static/jquery.js"></script>
       <script type="text/javascript" src="../_static/underscore.js"></script>
       <script type="text/javascript" src="../_static/doctools.js"></script>


     <script type="text/javascript" src="../_static/js/theme.js"></script>


   <script type="text/javascript">
       jQuery(function () {
           SphinxRtdTheme.StickyNav.enable();
       });
   </script>


 </body>
 </html>


	<!DOCTYPE html>
	<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
	<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
	<head>
	<meta charset="utf-8">

	<meta name="viewport" content="width=device-width, initial-scale=1.0">

	<title>Security & token authentication — Apache Usergrid 1.0 documentation</title>















	<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />





	<link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
	<link rel="next" title="Using permissions" href="using-permissions.html"/>
	<link rel="prev" title="Troubleshooting" href="../push-notifications/troubleshooting.html"/>


	<script src="../_static/js/modernizr.min.js"></script>

	</head>

	<body class="wy-body-for-nav" role="document">

	<div class="wy-grid-for-nav">


	<nav data-toggle="wy-nav-shift" class="wy-nav-side">
	<div class="wy-side-nav-search">



	<a href="../index.html" class="icon icon-home"> Apache Usergrid



	</a>




	<div class="version">
	1.0
	</div>




	<div role="search">
	<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
	<input type="text" name="q" placeholder="Search docs" />
	<input type="hidden" name="check_keywords" value="yes" />
	<input type="hidden" name="area" value="default" />
	</form>
	</div>


	</div>

	<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">



	<p class="caption"><span class="caption-text">Getting Started</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../introduction/overview.html">Getting Started</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Using Usergrid</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-account.html">Creating a Usergrid Account</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-a-new-application.html">Creating a new application</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-the-api.html">Using the API</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Data Storage</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Data Queries</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Entity Connections</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Push Notifications</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/overview.html">Push notifications overview</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/adding-push-support.html">Adding push notifications support</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/getting-started.html">Getting started with push notifications</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/tutorial.html">Tutorial: Push notifications sample app</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/registering.html">Registering with a notification service</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-notifiers.html">Creating notifiers</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/managing-users-and-devices.html">Managing users and devices</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-and-managing-notifications.html">Creating and managing notifications</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/troubleshooting.html">Troubleshooting</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Security & Authentication</span></p>
	<ul class="current">
	<li class="toctree-l1 current"><a class="current reference internal" href="">Security & token authentication</a></li>
	<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
	<li class="toctree-l1"><a class="reference internal" href="using-roles.html">Using roles</a></li>
	<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users & app clients</a></li>
	<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li>
	<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
	<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
	<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
	<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
	<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li>
	</ul>
	<p class="caption"><span class="caption-text">User Management & Social Graph</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Geo-location</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Assets & Files</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/uploading-assets.html">Uploading assets</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/retrieving-assets.html">Retrieving assets</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/folders.html">Folders</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Counters & Events</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters & events</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Organizations & Applications</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/admin-user.html">Admin user</a></li>
	</ul>
	<p class="caption"><span class="caption-text">API Reference</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#sub-types">Sub-Types</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Client SDKs</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Installing Usergrid</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../installation/deployment-guide.html">Usergrid 2.1.0 Deployment Guide</a></li>
	</ul>
	<p class="caption"><span class="caption-text">More about Usergrid</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li>
	</ul>



	</div>

	</nav>

	<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">


	<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
	<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
	<a href="../index.html">Apache Usergrid</a>
	</nav>



	<div class="wy-nav-content">
	<div class="rst-content">
	<div role="navigation" aria-label="breadcrumbs navigation">
	<ul class="wy-breadcrumbs">
	<li><a href="../index.html">Docs</a> »</li>

	<li>Security & token authentication</li>
	<li class="wy-breadcrumbs-aside">


	<a href="../_sources/security-and-auth/app-security.txt" rel="nofollow"> View page source</a>


	</li>
	</ul>
	<hr/>
	</div>
	<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
	<div itemprop="articleBody">

	<div class="section" id="security-token-authentication">
	<h1>Security & token authentication<a class="headerlink" href="#security-token-authentication" title="Permalink to this headline">¶</a></h1>
	<p>Any app you put into production should feature security that protects
	your app, your users, and your app’s data. Implementing security means
	taking steps in your mobile app’s code and in your API Services BaaS
	application.</p>
	<p><strong>Important</strong>: When you register for the API Services BaaS, you get a
	sandbox application that you can use to try things out. This application
	is not for use in production. By default, the sandbox application is not
	protected by any security measures whatsoever. Use the sandbox only for
	experimentation, and only with data that isn’t in any way sensitive.</p>
	<p>When securing your app, follow these high-level steps:</p>
	<ol class="arabic simple">
	<li>Define the rules that will govern access by your app’s users to your
	app’s data and features. You do this with the admin portal by
	creating permission rules, then associating those rules with your
	users. For more information, see <a class="reference external" href="managing-access-defining-permission-rules.html">Using
	Permissions</a>.</li>
	<li>Write code through which your app’s users can verify who they are to
	your application. You do this by writing code that uses their
	username and password as credentials to initially authenticate with
	your application, then uses a token thereafter. (This authentication
	style supports the OAuth 2.0 model.) For more information, see
	<a class="reference external" href="autheticating-users-and-application-clients.html">Authenticating users & app
	clients</a>.</li>
	<li>Be sure to use coding best practices that help ensure that your app
	is protected from malicious attacks. For more information, see
	<a class="reference external" href="security-best-practices.html">Security best practices</a>.</li>
	</ol>
	<p>The following illustration describes these high-level areas.</p>
	<img alt="../_images/securitymodel0.png" src="../_images/securitymodel0.png" />
	</div>


	</div>
	</div>
	<footer>

	<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">

	<a href="using-permissions.html" class="btn btn-neutral float-right" title="Using permissions" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>


	<a href="../push-notifications/troubleshooting.html" class="btn btn-neutral" title="Troubleshooting" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>

	</div>


	<hr/>

	<div role="contentinfo">
	<p>
	© Copyright 2013-2015, Apache Usergrid.

	</p>
	</div>
	Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.

	</footer>

	</div>
	</div>

	</section>

	</div>





	<script type="text/javascript">
	var DOCUMENTATION_OPTIONS = {
	URL_ROOT:'../',
	VERSION:'1.0',
	COLLAPSE_INDEX:false,
	FILE_SUFFIX:'.html',
	HAS_SOURCE: true
	};
	</script>
	<script type="text/javascript" src="../_static/jquery.js"></script>
	<script type="text/javascript" src="../_static/underscore.js"></script>
	<script type="text/javascript" src="../_static/doctools.js"></script>





	<script type="text/javascript" src="../_static/js/theme.js"></script>




	<script type="text/javascript">
	jQuery(function () {
	SphinxRtdTheme.StickyNav.enable();
	});
	</script>


	</body>
	</html>