We have made an important change to our tokens from the security perspective, resulting in two separate token types. These token types are Master token and Mobile Token.
Master token is the key to all of your account’s features. The Master token will grant access to all objects and all operations (CREATE, READ, UPDATE and DELETE). This is especially meant to be used when doing REST API calls with our endpoints. We strongly advise you to use this token with care and only use it in the mobile app when it is detrimental to the functionalities of the app.
There can only be one master token and this token cannot be deleted or changed. If you believe the master token has ended up in the wrong hands, please inform us immediately and we will change it for you.
On the mobile side we have made some precautionary security measures to prevent your master token ending up in the wrong hands. With the mobile token you get access to all objects with limited operations. If this token ends up to the wrong people, they don’t have the ability to delete and create any crucial elements of your setup.
With the Mobile token you READ for core objects like places, geofences etc. and READ & WRITE for position updates and event. This token is recommended to be used within mobile applications when using our SDK. This applies when you are integrating our SDK into your own application, when you are asked to provide our auth_token, you should use the Mobile token for this matter. More information can he found here: (https://proximi.io/part-8-integrating-app/)
NOTICE! There are exceptions to using the Mobile token in apps. In use cases where the app requires functionalities like CREATING and DELETING objects within the app, you would need to use the Master token.
You can create multiple Mobile tokens to with different setups and they can be changed and deleted, if needed.
These tokens can be found in our portal under the Manage Application section. If you have any further questions, feel free to email us or comment below.