For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Security for push notification clients

Every client interacting with push must provide a valid access token with the required scopes.

For mobile client applications, IBM MobileFirstâ„¢ Platform Foundation SDK orchestrates the OAuth flow so that the mobile client application obtains a valid access token with the required scope.

The back-end server applications must register as confidential clients and must also implement the OAuth flow with the IBM MobileFirst Platform Foundation authorization server to obtain a valid access token with the required scopes.

For information on push scopes and the semantics that server applications can use as appropriate when obtaining a token, see Table 1. For information on configuring a confidential client, see Confidential clients.

Table 1. Push scopes and semantics
Scope Meaning
apps.read Permission to read application resource.
apps.write Permission to create, update, delete application resource.
gcmConf.read Permission to read GCM configuration settings (API Key and SenderId).
gcmConf.write Permission to update, delete GCM configuration settings.
apnsConf.read Permission to read APNs configuration settings.
apnsConf.write Permission to update, delete APNs configuration settings.
devices.read Permission to read device.
devices.write Permission to create, update delete device.
subscriptions.read Permission to read subscriptions.
subscriptions.write Permission to create, update, delete subscriptions.
messages.write Permission to send push notifications.
webhooks.write Permission to read event-notifications.
webhooks.read Permission to read event-notifications.
smsConf.read Permission to read SMS configuration settings.
smsConf.write Permission to update, delete SMS configuration settings.
wnsConf.read Permission to read WNS configuration settings.
wnsConf.write Permission to update, delete WNS configuration settings.

Parent topic: Push notification

Related links

Obtaining tokens