App settings


Updated: June 16, 2015

Microsoft Azure Mobile Services enables you to securely store values as app settings, which can be accessed by your server scripts at runtime. App setting are stored encrypted and are set, updated, and deleted by administrators in the Management Portal. When you store persisted data, such as login credentials or shared keys, in app settings, you have a single storage point that can be accessed from various server scripts in your mobile service.

When you store credentials for other services, such as Twitter OAuth credentials, directly in your code, these credentials can end up on a local computer. This means that with a .NET backend or when using source control to publish server scripts for a JavaScript backend, care must be taken to restrict access to files that contain credentials. Because of this, valuable credentials should be stored as app settings instead of directly in your code.

For a JavaScript backend mobile service, you access stored settings from the config property of the service object in a custom API. The following example gets the value of a custom setting named MY_CUSTOM_SETTING:

var customSetting = 

In a table operation or schedule job script, you can access the app settings by loading the mobileservice-config Node.js module. The following example gets JSON settings object by using the global require function to load the configuration module for the mobile service:

var settings = require('mobileservice-config').appSettings;

For a .NET backend mobile service, you access stored settings from the Services property in every controller or scheduled job. The T:Microsoft.WindowsAzure.Mobile.Service.ServiceSettingsDictionary returned by the P:Microsoft.WindowsAzure.Mobile.Service.ApiServices.Settings property has properties for all pre-defined service settings. Custom settings are accessed from the Dictionary<TKey, TValue> as follows:

// Try to get the stored Twitter access token from app settings.  
if (!(Services.Settings.TryGetValue("TWITTER_ACCESS_TOKEN", out accessToken) |
Services.Settings.TryGetValue("TWITTER_ACCESS_TOKEN_SECRET", out accessTokenSecret)))
    Services.Log.Error("Could not retrieve Twitter access credentials.");

You can set the app settings as key/value pairs in the appSettings section of the .NET backend project’s Web.config file. These values are used when testing a .NET backend project on the local computer. When running in Azure, these values are ignored and the portal settings are used instead.

Consider the following when storing data in app settings:

  • Names must be unique, in an case-insensitive comparison.

  • Names must be less than 60 characters and values must be less than 1000 characters.

  • The maximum number of settings for a single mobile service is 1000.