http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/revoking-tokens-logout.html
----------------------------------------------------------------------
diff --git a/content/docs/security-and-auth/revoking-tokens-logout.html b/content/docs/security-and-auth/revoking-tokens-logout.html
new file mode 100644
index 0000000..f9b899a
--- /dev/null
+++ b/content/docs/security-and-auth/revoking-tokens-logout.html
@@ -0,0 +1,342 @@ + + +<!DOCTYPE html> +<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> +<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> +<head> + <meta charset="utf-8"> + + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <title>Revoking tokens (logout) — Apache Usergrid 1.0 documentation</title> + + + + + + + + + + + + + + + + <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> + + + + + + <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/> + <link rel="next" title="Facebook sign in" href="facebook-sign.html"/> + <link rel="prev" title="Authenticating API requests" href="authenticating-api-requests.html"/> + + + <script src="../_static/js/modernizr.min.js"></script> + +</head> + +<body class="wy-body-for-nav" role="document"> + + <div class="wy-grid-for-nav"> + + + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-nav-search"> + + + + <a href="../index.html" class="icon icon-home"> Apache Usergrid + + + + </a> + + + + + <div class="version"> + 1.0 + </div> + + + + +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + + + </div> + + <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> + + + + <p class="caption"><span class="caption-text">Introduction</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. 
sync calls</a></li> +</ul> +<p class="caption"><span class="caption-text">Getting Started</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Storage</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Queries</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li> +</ul> +<p class="caption"><span class="caption-text">Entity Connections</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" 
href="../entity-connections/connecting-entities.html">Connecting entities</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Security & Authentication</span></p> +<ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security & token authentication</a></li> +<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users & app clients</a></li> +<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li> +<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li> +<li class="toctree-l1 current"><a class="current reference internal" href="">Revoking tokens (logout)</a><ul> +<li class="toctree-l2"><a class="reference internal" href="#revoking-tokens-user-logout">Revoking tokens (user logout)</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#request-syntax">Request syntax</a></li> +<li class="toctree-l3"><a class="reference internal" href="#example-request">Example request</a></li> +<li class="toctree-l3"><a class="reference internal" href="#revoking-admin-user-tokens">Revoking admin user tokens</a></li> +</ul> +</li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li> +<li class="toctree-l1"><a 
class="reference internal" href="securing-your-app.html">Security best practices</a></li> +</ul> +<p class="caption"><span class="caption-text">User Management & Social Graph</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li> +</ul> +<p class="caption"><span class="caption-text">Geo-location</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Assets & Files</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li> +</ul> +<p class="caption"><span class="caption-text">Counters & Events</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" 
href="../counters-and-events/events-and-counters.html">Counters & events</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li> +</ul> +<p class="caption"><span class="caption-text">Organizations & Applications</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li> +</ul> +<p class="caption"><span class="caption-text">API Reference</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li> +</ul> +<p class="caption"><span class="caption-text">Client SDKs</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li> +</ul> +<p class="caption"><span class="caption-text">Installing the Stack</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li> +<li 
class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li> +</ul> +<p class="caption"><span class="caption-text">More about Usergrid</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li> +<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li> +</ul> + + + + </div> + + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> + + + <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">Apache Usergrid</a> + </nav> + + + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="breadcrumbs navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html">Docs</a> »</li> + + <li>Revoking tokens (logout)</li> + <li class="wy-breadcrumbs-aside"> + + + <a href="../_sources/security-and-auth/revoking-tokens-logout.txt" rel="nofollow"> View page source</a> + + + </li> + </ul> + <hr/> +</div> + <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> + <div itemprop="articleBody"> + + <div class="section" id="revoking-tokens-logout"> +<h1>Revoking tokens (logout)<a class="headerlink" href="#revoking-tokens-logout" title="Permalink to this headline">¶</a></h1> +<p>Under certain circumstances, you may need to explicitly revoke one or +more tokens associated with a user entity, such as when a user logs out +of your app. 
This is accomplished by making a PUT request to the +/revoketoken and /revoketokens endpoints.</p> +<div class="section" id="revoking-tokens-user-logout"> +<h2>Revoking tokens (user logout)<a class="headerlink" href="#revoking-tokens-user-logout" title="Permalink to this headline">¶</a></h2> +<p>If a user has been logged in using the Usergrid iOS, Android, JavaScript +or node.JS SDKs, the returned token is automatically stored in the +UsergridDataClient (iOS), DataClient (Android), Usergrid.Client +(JavaScript), Usergrid.Client (node.JS) class instance. Calling the +logout method of the SDK will destroy the token on the server, as well +as in the client object.</p> +<div class="section" id="request-syntax"> +<h3>Request syntax<a class="headerlink" href="#request-syntax" title="Permalink to this headline">¶</a></h3> +<p>Revoke all tokens associated with a user entity</p> +<div class="highlight-python"><div class="highlight"><pre>curl -X PUT https://api.usergrid.com/<org_name>/<app_name>/users/<user_uuid_or_username>/revoketokens +</pre></div> +</div> +<p>Revoke a specific token associated with a user entity</p> +<div class="highlight-python"><div class="highlight"><pre>curl -X PUT https://api.usergrid.com/<org_name>/<app_name>/users/<user_uuid_or_username>/revoketoken?token=<token_to_revoke> +</pre></div> +</div> +</div> +<div class="section" id="example-request"> +<h3>Example request<a class="headerlink" href="#example-request" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X PUT https://api.usergrid.com/your-org/your-app/users/someUser/revoketokens +</pre></div> +</div> +<p>Example response</p> +<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> + <span class="s">"action"</span> <span class="p">:</span> <span class="s">"revoked user token"</span><span class="p">,</span> + <span class="s">"timestamp"</span> <span class="p">:</span> <span 
class="mi">1382050891455</span><span class="p">,</span> + <span class="s">"duration"</span> <span class="p">:</span> <span class="mi">24</span> +<span class="p">}</span> +</pre></div> +</div> +</div> +<div class="section" id="revoking-admin-user-tokens"> +<h3>Revoking admin user tokens<a class="headerlink" href="#revoking-admin-user-tokens" title="Permalink to this headline">¶</a></h3> +<p>The /revoketoken and /revoketokens endpoints also work for revoking +admin user tokens by making a PUT request to /management/users//</p> +</div> +</div> +</div> + + + </div> + </div> + <footer> + + <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> + + <a href="facebook-sign.html" class="btn btn-neutral float-right" title="Facebook sign in" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a> + + + <a href="authenticating-api-requests.html" class="btn btn-neutral" title="Authenticating API requests" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a> + + </div> + + + <hr/> + + <div role="contentinfo"> + <p> + © Copyright 2013-2015, Apache Usergrid. + + </p> + </div> + Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. 
+ +</footer> + + </div> + </div> + + </section> + + </div> + + + + + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT:'../', + VERSION:'1.0', + COLLAPSE_INDEX:false, + FILE_SUFFIX:'.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + + + + + + <script type="text/javascript" src="../_static/js/theme.js"></script> + + + + + <script type="text/javascript"> + jQuery(function () { + SphinxRtdTheme.StickyNav.enable(); + }); + </script> + + +</body> +</html> \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/securing-your-app.html
----------------------------------------------------------------------
diff --git a/content/docs/security-and-auth/securing-your-app.html b/content/docs/security-and-auth/securing-your-app.html
new file mode 100644
index 0000000..f0638cf
--- /dev/null
+++ b/content/docs/security-and-auth/securing-your-app.html
@@ -0,0 +1,398 @@ + + +<!DOCTYPE html> +<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> +<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> +<head> + <meta charset="utf-8"> + + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <title>Security best practices — Apache Usergrid 1.0 documentation</title> + + + + + + + + + + + + + + + + <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> + + + + + + <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/> + <link rel="next" title="User management & social graph" href="../user-management/user-management.html"/> + <link rel="prev" title="Facebook sign in" href="facebook-sign.html"/> + + + <script src="../_static/js/modernizr.min.js"></script> + +</head> + +<body class="wy-body-for-nav" role="document"> + + <div class="wy-grid-for-nav"> + + + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-nav-search"> + + + + <a href="../index.html" class="icon icon-home"> Apache Usergrid + + + + </a> + + + + + <div class="version"> + 1.0 + </div> + + + + +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + + + </div> + + <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> + + + + <p class="caption"><span class="caption-text">Introduction</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. 
sync calls</a></li> +</ul> +<p class="caption"><span class="caption-text">Getting Started</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Storage</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Queries</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li> +</ul> +<p class="caption"><span class="caption-text">Entity Connections</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" 
href="../entity-connections/connecting-entities.html">Connecting entities</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Security & Authentication</span></p> +<ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security & token authentication</a></li> +<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users & app clients</a></li> +<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li> +<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li> +<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li> +<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li> +<li class="toctree-l1 current"><a class="current reference internal" href="">Security best practices</a><ul> +<li class="toctree-l2"><a class="reference internal" href="#never-use-the-sandbox-for-a-production-app">Never use the ‘sandbox’ for a production app</a></li> +<li class="toctree-l2"><a class="reference internal" href="#review-permissions-in-your-apps">Review permissions in your apps</a></li> +<li class="toctree-l2"><a class="reference internal" href="#edit-the-default-role">Edit the ‘default’ 
role</a></li> +<li class="toctree-l2"><a class="reference internal" href="#use-https">Use https</a></li> +<li class="toctree-l2"><a class="reference internal" href="#acquire-access-tokens-in-a-secure-way">Acquire access tokens in a secure way</a></li> +<li class="toctree-l2"><a class="reference internal" href="#treat-mobile-clients-as-untrustworthy">Treat mobile clients as untrustworthy</a></li> +</ul> +</li> +</ul> +<p class="caption"><span class="caption-text">User Management & Social Graph</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li> +</ul> +<p class="caption"><span class="caption-text">Geo-location</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Assets & Files</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li> +</ul> +<p class="caption"><span class="caption-text">Counters & Events</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters & events</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li> +</ul> +<p class="caption"><span class="caption-text">Organizations & Applications</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li> +</ul> +<p class="caption"><span class="caption-text">API Reference</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li> +</ul> +<p class="caption"><span class="caption-text">Client SDKs</span></p> +<ul> +<li class="toctree-l1"><a 
class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li> +</ul> +<p class="caption"><span class="caption-text">Installing the Stack</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li> +</ul> +<p class="caption"><span class="caption-text">More about Usergrid</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li> +<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li> +</ul> + + + + </div> + + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> + + + <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">Apache Usergrid</a> + </nav> + + + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="breadcrumbs navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html">Docs</a> »</li> + + <li>Security best practices</li> + <li class="wy-breadcrumbs-aside"> + + + <a href="../_sources/security-and-auth/securing-your-app.txt" rel="nofollow"> View page source</a> + + + </li> + </ul> + <hr/> +</div> + <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> + <div itemprop="articleBody"> + + <div class="section" id="security-best-practices"> +<h1>Security best practices<a class="headerlink" href="#security-best-practices" title="Permalink to this headline">¶</a></h1> +<p>There a number of actions 
you should take to ensure that your app is +secure before you put it into production. The following is not an +exhaustive list, but offers some common best practices you should +consider following to keep your app secure when using the Usergrid.</p> +<div class="section" id="never-use-the-sandbox-for-a-production-app"> +<h2>Never use the ‘sandbox’ for a production app<a class="headerlink" href="#never-use-the-sandbox-for-a-production-app" title="Permalink to this headline">¶</a></h2> +<p>By default, every new Usergrid account has an app named âsandboxâ that +is already created under your new organization. This app is no different +than any other app that you might create, except that the Guest role has +been given full permissions (that is, /** for GET, POST, PUT, and +DELETE). This eliminates the need for a token when making application +level calls, and can make it much easier to get your app up and running; +however, it also means that any data in the sandbox application is +completely unsecured.</p> +<p>As with any other app, you can secure the sandbox application by +updating its roles and permissions. For more on working with permissions +and roles, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p> +</div> +<div class="section" id="review-permissions-in-your-apps"> +<h2>Review permissions in your apps<a class="headerlink" href="#review-permissions-in-your-apps" title="Permalink to this headline">¶</a></h2> +<p>Prior to launching your app into a production environment, it is +advisable to review all the roles and permissions you have set up, as +well as the groups and users you have assigned those permissions and +roles to. During development, you may find that you added various +permissions which may or may not still be required once the app is +complete. 
Review all permissions and delete any that are no longer +required.</p> +<p>Prior to taking your app live, you should secure it by removing any +unnecesary Guest permissions. (See <a class="reference external" href="using-permissions.html">Using +Permissions</a> for further information about +setting permissions.) After you secure your the app, any calls to the +API will need to include an OAuth token. Oauth tokens (also called +access tokens) are obtained by the API in response to successful +authentication calls. Your app saves the token and uses it for all +future calls during that session. Learn more about access tokens in +Authenticating users and application clients.</p> +</div> +<div class="section" id="edit-the-default-role"> +<h2>Edit the ‘default’ role<a class="headerlink" href="#edit-the-default-role" title="Permalink to this headline">¶</a></h2> +<p>When preparing an application for production use, a good first step is +to edit permission rules for the Default role. The permissions in this +role will be applied to every user who authenticates with a valid access +token.</p> +<p>For example, in the Default role, you will most likely first want to +remove the permission rule that grants full access to all authenticated +users:</p> +<div class="highlight-python"><div class="highlight"><pre>GET,PUT,POST,DELETE:/users/me/** +</pre></div> +</div> +<p>For more on roles, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p> +<p>Review test accounts If you created any test user or test administrator +accounts during development, these should also be reviewed for relevancy +and security. Delete any test accounts that are no longer needed. 
If +these accounts are still needed, make sure that passwords have been +secured to the standards required by your app.</p> +</div> +<div class="section" id="use-https"> +<h2>Use https<a class="headerlink" href="#use-https" title="Permalink to this headline">¶</a></h2> +<p>Make sure that any calls you make to the API are done using the secure +https protocol, and not the insecure http protocol.</p> +<p>If your app is a web app, that is, an app served by a web server, make +sure that the app is served using https.</p> +</div> +<div class="section" id="acquire-access-tokens-in-a-secure-way"> +<h2>Acquire access tokens in a secure way<a class="headerlink" href="#acquire-access-tokens-in-a-secure-way" title="Permalink to this headline">¶</a></h2> +<p>There are various methods for acquiring an access token (see +<a class="reference external" href="authenticating-users-and-application-clients.html">Authenticating users and application +clients</a>. One +method is to use the application or organization level client +secret-client id combination. This method should not be used in client +applications (this is, apps that are deployed to a device, and which +authenticate and make calls against the API).</p> +<p>Thatâs because a hacker could analyze your app (even a compiled, binary +distribution of your app), and retrieve the secret-id combination. Armed +with this information, an attacker could gain full access to the data in +your account.</p> +<p>Instead, use application user credentials. This means that your appâs +users should provide a username and password. 
Your app would use these +to authenticate against the API and retrieve an access token.</p> +<p>The client secret-client id combination should be used only in secure, +server-side applications where there is no possibility of a hacker +gaining control of the credentials.</p> +</div> +<div class="section" id="treat-mobile-clients-as-untrustworthy"> +<h2>Treat mobile clients as untrustworthy<a class="headerlink" href="#treat-mobile-clients-as-untrustworthy" title="Permalink to this headline">¶</a></h2> +<p>For mobile access, it is recommended that you connect as an application +user with configured access control policies. Mobile applications are +inherently untrusted because they can be easily examined and even +decompiled.</p> +<p>Any credentials stored in a mobile app should be considered secure only +to the Application User level. This means that if you donât want the +user to be able to access or delete data in your Usergrid application, +you need to make sure that you donât enable that capability through +roles or permissions. Because most web applications talk to the database +using some elevated level of permissions, such as root, itâs generally a +good idea for mobile applications to connect with a more restricted set +of permissions. 
For more information on restricting access through +permission rules, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p> +</div> +</div> + + + </div> + </div> + <footer> + + <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> + + <a href="../user-management/user-management.html" class="btn btn-neutral float-right" title="User management & social graph" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a> + + + <a href="facebook-sign.html" class="btn btn-neutral" title="Facebook sign in" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a> + + </div> + + + <hr/> + + <div role="contentinfo"> + <p> + © Copyright 2013-2015, Apache Usergrid. + + </p> + </div> + Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. + +</footer> + + </div> + </div> + + </section> + + </div> + + + + + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT:'../', + VERSION:'1.0', + COLLAPSE_INDEX:false, + FILE_SUFFIX:'.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + + + + + + <script type="text/javascript" src="../_static/js/theme.js"></script> + + + + + <script type="text/javascript"> + jQuery(function () { + SphinxRtdTheme.StickyNav.enable(); + }); + </script> + + +</body> +</html> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/user-authentication-types.html ---------------------------------------------------------------------- 
diff --git a/content/docs/security-and-auth/user-authentication-types.html b/content/docs/security-and-auth/user-authentication-types.html
new file mode 100644
index 0000000..7e8f76d
--- /dev/null
+++ b/content/docs/security-and-auth/user-authentication-types.html
@@ -0,0 +1,399 @@ + + +<!DOCTYPE html> +<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> +<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> +<head> + <meta charset="utf-8"> + + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <title>Authentication levels — Apache Usergrid 1.0 documentation</title> + + + + + + + + + + + + + + + + <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> + + + + + + <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/> + <link rel="next" title="Changing token expiration (time-to-live)" href="changing-token-time-live-ttl.html"/> + <link rel="prev" title="Authenticating users & app clients" href="authenticating-users-and-application-clients.html"/> + + + <script src="../_static/js/modernizr.min.js"></script> + +</head> + +<body class="wy-body-for-nav" role="document"> + + <div class="wy-grid-for-nav"> + + + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-nav-search"> + + + + <a href="../index.html" class="icon icon-home"> Apache Usergrid + + + + </a> + + + + + <div class="version"> + 1.0 + </div> + + + + +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + + + </div> + + <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> + + + + <p class="caption"><span class="caption-text">Introduction</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li> +</ul> +<p class="caption"><span class="caption-text">Getting Started</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Storage</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Queries</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li> +</ul> +<p class="caption"><span class="caption-text">Entity Connections</span></p> +<ul> 
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Security & Authentication</span></p> +<ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security & token authentication</a></li> +<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users & app clients</a></li> +<li class="toctree-l1 current"><a class="current reference internal" href="">Authentication levels</a><ul> +<li class="toctree-l2"><a class="reference internal" href="#configuring-authentication-levels">Configuring authentication levels</a></li> +<li class="toctree-l2"><a class="reference internal" href="#user-authentication-level">User authentication level</a></li> +<li class="toctree-l2"><a class="reference internal" href="#admin-authentication-levels">Admin authentication levels</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li> +<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li> +<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="securing-your-app.html">Security best practices</a></li> +</ul> +<p class="caption"><span class="caption-text">User Management & Social Graph</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li> +</ul> +<p class="caption"><span class="caption-text">Geo-location</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Assets & Files</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li> +</ul> +<p class="caption"><span class="caption-text">Counters & Events</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters & 
events</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li> +</ul> +<p class="caption"><span class="caption-text">Organizations & Applications</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li> +</ul> +<p class="caption"><span class="caption-text">API Reference</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li> +</ul> +<p class="caption"><span class="caption-text">Client SDKs</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li> +</ul> +<p class="caption"><span class="caption-text">Installing the Stack</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li> +</ul> +<p class="caption"><span class="caption-text">More about Usergrid</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li> +<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li> +</ul> + + + + </div> + + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> + + + <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">Apache Usergrid</a> + </nav> + + + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="breadcrumbs navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html">Docs</a> »</li> + + <li>Authentication levels</li> + <li class="wy-breadcrumbs-aside"> + + + <a href="../_sources/security-and-auth/user-authentication-types.txt" rel="nofollow"> View page source</a> + + + </li> + </ul> + <hr/> +</div> + <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> + <div itemprop="articleBody"> + + <div class="section" id="authentication-levels"> +<h1>Authentication levels<a class="headerlink" href="#authentication-levels" title="Permalink to this headline">¶</a></h1> +<p>Usergrid supports four levels of authentication, but only one of them is +used when checking a registered user’s permissions. The other three +levels are useful for authenticating other application or web clients +that require higher-level access to your Usergrid application or +organization. 
Because the scope of access that the other authentication +levels provide is so broad (and as a result, so powerful), it’s a bad +practice to use them from a mobile app. Instead, they’re better suited +to other client apps, such as web applications.</p> +<div class="section" id="configuring-authentication-levels"> +<h2>Configuring authentication levels<a class="headerlink" href="#configuring-authentication-levels" title="Permalink to this headline">¶</a></h2> +<p>Access permissions can only be configured for the ‘application user’ â +this can be done both programmatically and in the admin portal. The +application, organization and admin clients cannot be configured, and +can only be accessed programmatically via the API.</p> +<p>For more about creating and managing roles and permissions for +application users, see Managing access by defining permission rules. For +a look at how security features fit together, see App Security Overview.</p> +</div> +<div class="section" id="user-authentication-level"> +<h2>User authentication level<a class="headerlink" href="#user-authentication-level" title="Permalink to this headline">¶</a></h2> +<table class="usergrid-table"> +<tr> + <th><p>Authentication Level</p> +</th> + <th><p>Description</p> +</th> +</tr> +<tr> + <td><p>Application user</p> +</td> + <td><p>This is the standard authentication type you will use to implement user +login for your app. The application user level allows access to your +Usergrid application as governed by the permission rules you create and +associated with users and user groups. For more on setting permissions +see Managing access by defining permission rules. Each Application User +is represented by a User entity in your Usergrid application. 
For more +about the User entity, see User.</p> +</td> +</tr> +</table></div> +<div class="section" id="admin-authentication-levels"> +<h2>Admin authentication levels<a class="headerlink" href="#admin-authentication-levels" title="Permalink to this headline">¶</a></h2> +<div class="admonition warning"> <p class="first admonition-title"><p>WARNING</p> + </p> <p class="last"> + + +Warning: Safe use of admin authentication levels. Never use client ID<p>and client secret, or any hard-coded credentials to authenticate this +way from a client-side app, such as a mobile app. A hacker could analyze +your app and extract the credentials for malicious use even if those +credentials are compiled and in binary format. Even when authenticating +with username and password, be cautious when using these authentication +levels since they grant broad access to your Usergrid account. See “safe +mobile access” in Authenticating API requests for additional +considerations in keeping access to your app and its data secure.</p> +</p></div> + +<table class="usergrid-table"> +<tr> + <th><p>Authentication Level</p> +</th> + <th><p>Description</p> +</th> +</tr> +<tr> + <td><p>Application client</p> +</td> + <td><p>Grants full access to perform any operation on an Usergrid application +(but not other applications within the same organization).</p> +<p><p>Authentication at this level is useful in a server-side application (not +a mobile app) that needs access to resources through the Usergrid API. +For example, imagine you created a website that lists every hiking trail +in the Rocky Mountains. You would want anyone to be able to view the +content, but would not want them to access the Usergrid API and all your +data directly. 
Instead, you would authenticate as an application client +in your server-side code to access the data via the API in order to +serve it to your website’s visitors.</p> +</p></td> +</tr> +<tr> + <td><p>Organization client</p> +</td> + <td><p>Grants full access to perform any operation on an Usergrid organization.</p> +<p><p>This authentication level provides the greatest amount of access to an +individual organization, allowing a client to perform any operation on +an Usergrid organization and any applications in that organization. This +level of access should be used sparingly and carefully.</p> +</p></td> +</tr> +<tr> + <td><p>Admin user</p> +</td> + <td><p>Allows full access to perform any operation on all organization accounts +of which the admin user is a member.</p> +<p><p>This authentication level is useful from applications that provide +organization-wide administration features. For example, the Usergrid +admin portal uses this level of access because it requires full access +to the administration features.</p> +</p><p>Unless you have a specific need for administrative features, such as to +run test scripts that require access to management functionality, you +should not use the admin user authentication level.</p> +</td> +</tr> +</table></div> +</div> + + + </div> + </div> + <footer> + + <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> + + <a href="changing-token-time-live-ttl.html" class="btn btn-neutral float-right" title="Changing token expiration (time-to-live)" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a> + + + <a href="authenticating-users-and-application-clients.html" class="btn btn-neutral" title="Authenticating users & app clients" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a> + + </div> + + + <hr/> + + <div role="contentinfo"> + <p> + © Copyright 2013-2015, Apache Usergrid. 
+ + </p> + </div> + Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. + +</footer> + + </div> + </div> + + </section> + + </div> + + + + + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT:'../', + VERSION:'1.0', + COLLAPSE_INDEX:false, + FILE_SUFFIX:'.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + + + + + + <script type="text/javascript" src="../_static/js/theme.js"></script> + + + + + <script type="text/javascript"> + jQuery(function () { + SphinxRtdTheme.StickyNav.enable(); + }); + </script> + + +</body> +</html> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/using-permissions.html ---------------------------------------------------------------------- diff --git a/content/docs/security-and-auth/using-permissions.html b/content/docs/security-and-auth/using-permissions.html new file mode 100644 index 0000000..9151f01 --- /dev/null +++ b/content/docs/security-and-auth/using-permissions.html 
@@ -0,0 +1,510 @@ + + +<!DOCTYPE html> +<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> +<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> +<head> + <meta charset="utf-8"> + + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <title>Using permissions — Apache Usergrid 1.0 documentation</title> + + + + + + + + + + + + + + + + <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> + + + + + + <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/> + <link rel="next" title="Authenticating users & app clients" href="authenticating-users-and-application-clients.html"/> + <link rel="prev" title="Security & token authentication" href="app-security.html"/> + + + <script src="../_static/js/modernizr.min.js"></script> + +</head> + +<body class="wy-body-for-nav" role="document"> + + <div class="wy-grid-for-nav"> + + + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-nav-search"> + + + + <a href="../index.html" class="icon icon-home"> Apache Usergrid + + + + </a> + + + + + <div class="version"> + 1.0 + </div> + + + + +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + + + </div> + + <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> + + + + <p class="caption"><span class="caption-text">Introduction</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li> +</ul> +<p class="caption"><span class="caption-text">Getting Started</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Storage</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Queries</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li> +</ul> +<p class="caption"><span class="caption-text">Entity Connections</span></p> +<ul> 
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Security & Authentication</span></p> +<ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security & token authentication</a></li> +<li class="toctree-l1 current"><a class="current reference internal" href="">Using permissions</a><ul> +<li class="toctree-l2"><a class="reference internal" href="#permissions-syntax">Permissions syntax</a></li> +<li class="toctree-l2"><a class="reference internal" href="#complex-paths">Complex paths</a></li> +<li class="toctree-l2"><a class="reference internal" href="#assigning-permissions">Assigning permissions</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#request-syntax">Request syntax</a></li> +<li class="toctree-l3"><a class="reference internal" href="#example-request">Example request</a></li> +<li class="toctree-l3"><a class="reference internal" href="#example-response">Example response</a></li> +</ul> +</li> +<li class="toctree-l2"><a class="reference internal" href="#removing-permissions">Removing permissions</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#id1">Request syntax</a></li> +<li class="toctree-l3"><a class="reference internal" href="#id2">Example request</a></li> +<li class="toctree-l3"><a class="reference internal" href="#id3">Example response</a></li> +</ul> +</li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users & app clients</a></li> +<li class="toctree-l1"><a 
class="reference internal" href="user-authentication-types.html">Authentication levels</a></li> +<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li> +<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li> +<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li> +<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li> +</ul> +<p class="caption"><span class="caption-text">User Management & Social Graph</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li> +</ul> +<p class="caption"><span class="caption-text">Geo-location</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li> +</ul> +<p 
class="caption"><span class="caption-text">Assets & Files</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li> +</ul> +<p class="caption"><span class="caption-text">Counters & Events</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters & events</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li> +</ul> +<p class="caption"><span class="caption-text">Organizations & Applications</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li> +</ul> +<p class="caption"><span class="caption-text">API Reference</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" 
href="../rest-endpoints/api-docs.html">Methods</a></li> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li> +</ul> +<p class="caption"><span class="caption-text">Client SDKs</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li> +</ul> +<p class="caption"><span class="caption-text">Installing the Stack</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li> +</ul> +<p class="caption"><span class="caption-text">More about Usergrid</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li> +<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li> +</ul> + + + + </div> + + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> + + + <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">Apache Usergrid</a> + </nav> + + + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="breadcrumbs navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html">Docs</a> »</li> + + <li>Using permissions</li> + <li class="wy-breadcrumbs-aside"> + + + <a href="../_sources/security-and-auth/using-permissions.txt" rel="nofollow"> View page source</a> + + + </li> + </ul> + <hr/> +</div> + <div role="main" class="document" itemscope="itemscope" 
itemtype="http://schema.org/Article"> + <div itemprop="articleBody"> + + <div class="section" id="using-permissions"> +<h1>Using permissions<a class="headerlink" href="#using-permissions" title="Permalink to this headline">¶</a></h1> +<p>Permissions allow you to define user access to perform GET, POST, PUT, +or DELETE operations on specific resources. When the user submits a +request via your app code to the Usergrid API, the userâs permissions +are checked against the resource paths that the user is trying to +access. The request succeeds only if access to the resource is allowed +by the permission rules you specify.</p> +<div class="section" id="permissions-syntax"> +<h2>Permissions syntax<a class="headerlink" href="#permissions-syntax" title="Permalink to this headline">¶</a></h2> +<p>In Usergrid, permissions are represented in the following format:</p> +<div class="highlight-python"><div class="highlight"><pre><operations>:<resource_path> +</pre></div> +</div> +<ul class="simple"> +<li><code class="docutils literal"><span class="pre"><operations></span></code>: A comma-delimited set of HTTP methods (<code class="docutils literal"><span class="pre">GET</span></code>, +<code class="docutils literal"><span class="pre">PUT</span></code>, <code class="docutils literal"><span class="pre">POST</span></code>, <code class="docutils literal"><span class="pre">DELETE</span></code>) that are allowed for the specified +resource path. For example, <code class="docutils literal"><span class="pre">get</span></code>, <code class="docutils literal"><span class="pre">post</span></code> would allow only +<code class="docutils literal"><span class="pre">GET</span></code> and <code class="docutils literal"><span class="pre">POST</span></code> requests to be made to the specified resource.</li> +<li><code class="docutils literal"><span class="pre"><resource_path></span></code>: The path to the resources to be accessed. 
For +example, <code class="docutils literal"><span class="pre">/users</span></code> would apply the permission to the users +collection, while <code class="docutils literal"><span class="pre">/users/Tom</span></code> would apply the permission to only +the user entity with username ‘Tom’.</li> +</ul> +</div> +<div class="section" id="complex-paths"> +<h2>Complex paths<a class="headerlink" href="#complex-paths" title="Permalink to this headline">¶</a></h2> +<p>Complex paths can be defined using <a class="reference external" href="http://ant.apache.org/manual/dirtasks.html#patterns">Apache Ant pattern +syntax</a>. The +following special path variables are supported for the construction of +complex paths:</p> +<table> +<tr> + <td><p>Parameter</p> +</td> + <td><p>Description</p> +</td> +</tr> +<tr> + <td><p>*</p> +</td> + <td><p>Treated as a wildcard. Assigns the permission to all paths at the +specified level in the path hierarchy. For example, <code class="docutils literal"><span class="pre">/*</span></code> would match +any collection, while <code class="docutils literal"><span class="pre">/users/Tom/*</span></code> would match /users/Tom/likes and +<code class="docutils literal"><span class="pre">/users/Tom/owns</span></code>.</p> +</td> +</tr> +<tr> + <td><p>**</p> +</td> + <td><p>Assigns the permission to the path recursively. For example, +<code class="docutils literal"><span class="pre">**/likes</span></code> would match <code class="docutils literal"><span class="pre">/likes</span></code> and <code class="docutils literal"><span class="pre">/users/likes</span></code>, while +<code class="docutils literal"><span class="pre">/users/**</span></code> would match <code class="docutils literal"><span class="pre">/users</span></code> and <code class="docutils literal"><span class="pre">/users/likes</span></code>.</p> +</td> +</tr> +<tr> + <td><p>${user}</p> +</td> + <td><p>Automatically sets the path segment to the UUID of the currently +authenticated user. 
For example, if you sent a request with a valid +access token for a user with UUID +<code class="docutils literal"><span class="pre">bd397ea1-a71c-3249-8a4c-62fd53c78ce7</span></code>, the path <code class="docutils literal"><span class="pre">/users/${user}</span></code> +would be interpreted as <code class="docutils literal"><span class="pre">/users/bd397ea1-a71c-3249-8a4c-62fd53c78ce7</span></code>, +assigning the permission only to that user entity.</p> +</td> +</tr> +</table></div> +<div class="section" id="assigning-permissions"> +<h2>Assigning permissions<a class="headerlink" href="#assigning-permissions" title="Permalink to this headline">¶</a></h2> +<p>Permissions can only be assigned to user, group or role entities. +Assigning permissions to roles can be particularly useful, as it allows +you to create sets of permissions that represent complex access +definitions, which can then be assigned to user and group entities. For +more on roles, see Using roles.</p> +<div class="section" id="request-syntax"> +<h3>Request syntax<a class="headerlink" href="#request-syntax" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/<org>/<app>/<collection>/<entity>/permissions -d '{"permission":<permissions>}' +</pre></div> +</div> +<p>Parameters</p> +<table border="1" class="docutils"> +<colgroup> +<col width="11%" /> +<col width="89%" /> +</colgroup> +<thead valign="bottom"> +<tr class="row-odd"><th class="head">Parameter</th> +<th class="head">Description</th> +</tr> +</thead> +<tbody valign="top"> +<tr class="row-even"><td>org</td> +<td>Organization UUID or organization name</td> +</tr> +<tr class="row-odd"><td>app</td> +<td>Application UUID or application name</td> +</tr> +<tr class="row-even"><td>collection</td> +<td>The collection of the entity that the permissions are to be assigned to.</td> +</tr> +<tr class="row-odd"><td>entity</td> +<td>The UUID of the entity to assign the 
permissions to. For users, username and for groups, name are also accepted.</td> +</tr> +<tr class="row-even"><td>permissions</td> +<td>The permissions to assign to the entity. See Permissions syntax for format.</td> +</tr> +</tbody> +</table> +<p>For collections, Valid values are users and groups.</p> +</div> +<div class="section" id="example-request"> +<h3>Example request<a class="headerlink" href="#example-request" title="Permalink to this headline">¶</a></h3> +<p>For example, the following cURL request would give the user ‘Tom’ POST +permission to the /users collection:</p> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/your-org/your-app/users/Tom/permissions -d '{"permission":"post:/users"}' +</pre></div> +</div> +</div> +<div class="section" id="example-response"> +<h3>Example response<a class="headerlink" href="#example-response" title="Permalink to this headline">¶</a></h3> +<p>The newly assigned permission is returned in the data property of the +response:</p> +<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> + <span class="s">"action"</span> <span class="p">:</span> <span class="s">"post"</span><span class="p">,</span> + <span class="s">"application"</span> <span class="p">:</span> <span class="s">"f34f4222-a166-11e2-a7f7-02e81adcf3d0"</span><span class="p">,</span> + <span class="s">"params"</span> <span class="p">:</span> <span class="p">{</span> <span class="p">},</span> + <span class="s">"uri"</span> <span class="p">:</span> <span class="s">"https://api.usergrid.com/your-org/your-app"</span><span class="p">,</span> + <span class="s">"entities"</span> <span class="p">:</span> <span class="p">[</span> <span class="p">],</span> + <span class="s">"data"</span> <span class="p">:</span> <span class="p">[</span> <span class="s">"post:/users"</span> <span class="p">],</span> + <span class="s">"timestamp"</span> <span class="p">:</span> <span 
class="mi">1402349612382</span><span class="p">,</span> + <span class="s">"duration"</span> <span class="p">:</span> <span class="mi">19</span><span class="p">,</span> + <span class="s">"organization"</span> <span class="p">:</span> <span class="s">"your-org"</span><span class="p">,</span> + <span class="s">"applicationName"</span> <span class="p">:</span> <span class="s">"your-app"</span> +<span class="p">}</span> +</pre></div> +</div> +</div> +</div> +<div class="section" id="removing-permissions"> +<h2>Removing permissions<a class="headerlink" href="#removing-permissions" title="Permalink to this headline">¶</a></h2> +<p>Using a DELETE request, you can remove one of more permissions from a +user, group, or role entity.</p> +<div class="section" id="id1"> +<h3>Request syntax<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X DELETE https://api.usergrid.com/<org>/<app>/<collection>/<entity>/permissions?=<permissions> +</pre></div> +</div> +<p>Parameters</p> +<table border="1" class="docutils"> +<colgroup> +<col width="11%" /> +<col width="89%" /> +</colgroup> +<thead valign="bottom"> +<tr class="row-odd"><th class="head">Parameter</th> +<th class="head">Description</th> +</tr> +</thead> +<tbody valign="top"> +<tr class="row-even"><td>org</td> +<td>Organization UUID or organization name</td> +</tr> +<tr class="row-odd"><td>app</td> +<td>Application UUID or application name</td> +</tr> +<tr class="row-even"><td>collection</td> +<td>The collection of the entity that the permissions are to be assigned to. Valid values are users and groups.</td> +</tr> +<tr class="row-odd"><td>entity</td> +<td>The UUID of the entity to assign the permissions to. For users, username and for groups, name are also accepted.</td> +</tr> +<tr class="row-even"><td>permissions</td> +<td>The permissions to assign to the entity. 
See <a class="reference external" href="using-permissions.html">Permissions syntax</a> for format.</td> +</tr> +</tbody> +</table> +</div> +<div class="section" id="id2"> +<h3>Example request<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X DELETE https://api.usergrid.com/your-org/your-app/users/Tom/permissions?permission=post:/users +</pre></div> +</div> +</div> +<div class="section" id="id3"> +<h3>Example response<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h3> +<p>The deleted permission is returned in the params.permission property of +the response:</p> +<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> + <span class="s">"action"</span> <span class="p">:</span> <span class="s">"delete"</span><span class="p">,</span> + <span class="s">"application"</span> <span class="p">:</span> <span class="s">"f34f4222-a166-11e2-a7f7-02e81adcf3d0"</span><span class="p">,</span> + <span class="s">"params"</span> <span class="p">:</span> <span class="p">{</span> + <span class="s">"permission"</span> <span class="p">:</span> <span class="p">[</span> <span class="s">"post:/users"</span> <span class="p">]</span> + <span class="p">},</span> + <span class="s">"uri"</span> <span class="p">:</span> <span class="s">"https://api.usergrid.com/your-org/your-app"</span><span class="p">,</span> + <span class="s">"entities"</span> <span class="p">:</span> <span class="p">[</span> <span class="p">],</span> + <span class="s">"data"</span> <span class="p">:</span> <span class="p">[</span> <span class="s">"post:/assets"</span> <span class="p">],</span> + <span class="s">"timestamp"</span> <span class="p">:</span> <span class="mi">1402349951530</span><span class="p">,</span> + <span class="s">"duration"</span> <span class="p">:</span> <span class="mi">20</span><span class="p">,</span> + <span class="s">"organization"</span> <span 
class="p">:</span> <span class="s">"your-org"</span><span class="p">,</span> + <span class="s">"applicationName"</span> <span class="p">:</span> <span class="s">"your-app"</span> +<span class="p">}</span> +</pre></div> +</div> +</div> +</div> +</div> + + + </div> + </div> + <footer> + + <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> + + <a href="authenticating-users-and-application-clients.html" class="btn btn-neutral float-right" title="Authenticating users & app clients" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a> + + + <a href="app-security.html" class="btn btn-neutral" title="Security & token authentication" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a> + + </div> + + + <hr/> + + <div role="contentinfo"> + <p> + © Copyright 2013-2015, Apache Usergrid. + + </p> + </div> + Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. + +</footer> + + </div> + </div> + + </section> + + </div> + + + + + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT:'../', + VERSION:'1.0', + COLLAPSE_INDEX:false, + FILE_SUFFIX:'.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + + + + + + <script type="text/javascript" src="../_static/js/theme.js"></script> + + + + + <script type="text/javascript"> + jQuery(function () { + SphinxRtdTheme.StickyNav.enable(); + }); + </script> + + +</body> +</html> \ No newline at end of file