Updated: February 27, 2015
Microsoft Azure Mobile Services has two keys that can be used to limit access to table data for unauthenticated users:
The application key is generated by Mobile Services and is distributed with your app. Because Mobile Services is a publicly available Azure service, table resources are accessed by HTTP requests. When a client requests resources and provides an application key, Mobile Services validates the key. If the client has supplied the correct application key, access is allowed to any tables that require the application key as authorization.
Security Note The application key is distributed with the application. Because this key is not encrypted, it cannot be considered secure. To secure access to you mobile service data, you must instead authenticate users before accessing.
The master key is used for administrator access to the service and to disable scripts. This key is an important secret that should not be distributed. This key can also be used to limit table access only to registered scripts executed by the service or to administrators.
Keys can be regenerated as needed. You might do this when an application key has been compromised to prevent unwanted clients from accessing your mobile service. To regenerate keys, click Manage keys, and then click Regenerate.
|When you regenerate keys, clients that use the old key may be unable to access your mobile service. When you regenerate the application key, you should update your app with the new key value.|