App Security Overview

Any app you put into production should feature security that protects your app, your users, and your app's data. Implementing security means taking steps in your mobile app's code and in your App Services application.

When securing your app, follow these high-level steps:

  1. In your App Services application, use the admin portal to define your app users' access to your app's data and features. You do this by creating permission rules, then associating those rules with your users. For more information, see Managing access by defining permission rules.
  2. In your app, write code through which your app's users can verify who they are to your App Services application. You do this by writing code that uses their username and password as credentials to initially authenticate with the App Services application, then uses a token thereafter. (This authentication style supports the OAuth 2.0 model.) For more information, see Authenticating users and application clients.
  3. Be sure to use coding best practices that help ensure that your app is protected from malicious attacks. For more information, see Security best practices.

The following illustration describes these high-level areas.