For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Endpoints of the MobileFirst Server production server

We can create whitelists and blacklists for the endpoints of the IBM MobileFirstâ„¢ Platform Server.

Note: Information regarding URLs that are exposed by IBM MobileFirst Platform Foundation is provided as a guideline. Organizations must ensure the URLs are tested in an enterprise infrastructure, based on what has been enabled for white and black lists.

Table 1. MobileFirst runtime endpoints
API URL under <runtime context root>/api/ Description Suggested for whitelist?
/adapterdoc/* Return the adapter's Swagger documentation for the named adapter No. Used only internally by the administrator and the developers
/adapters/* Adapters serving Yes
/az/v1/authorization/* Authorize the client to access a specific scope Yes
/az/v1/introspection Introspect the client's access token No. This API is for confidential clients only.
/az/v1/token Generate an access token for the client Yes
/clientLogProfile/* Get client log profile Yes
/directupdate/* Get Direct Update .zip file Yes, if you plan to use Direct Update
/loguploader Upload client logs to server Yes
/preauth/v1/heartbeat Accept heartbeat from the client and note the last activity time Yes
/preauth/v1/logout Log out from a security check Yes
/preauth/v1/preauthorize Map and execute security checks for a specific scope Yes
/reach The server is reachable No, for internal use only
/registration/v1/clients/* Registration-service clients API No. This API is for confidential clients only.
/registration/v1/self/* Registration-service client self-registration API Yes

Table 2. MobileFirst admin endpoints
API URL under <admin context root> Description Suggested for whitelist?
/management-apis/2.0/* All the REST APIs of MobileFirst administration service. Yes. If the client accessing the API is not behind the firewall where the MobileFirst Server is running.

No. If the client that accesses the API and the MobileFirst Server are both running behind the firewall.

Parent topic: Configuring MobileFirst Server