Posted to commits@usergrid.apache.org by sn...@apache.org on 2015/08/12 19:14:02 UTC

[07/60] [abbrv] incubator-usergrid git commit: cherry picking docs from master

http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/revoking-tokens-logout.html
----------------------------------------------------------------------
diff --git a/content/docs/security-and-auth/revoking-tokens-logout.html b/content/docs/security-and-auth/revoking-tokens-logout.html
new file mode 100644
index 0000000..f9b899a
--- /dev/null
+++ b/content/docs/security-and-auth/revoking-tokens-logout.html
@@ -0,0 +1,342 @@
+
+
+<!DOCTYPE html>
+<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
+<head>
+  <meta charset="utf-8">
+  
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  
+  <title>Revoking tokens (logout) &mdash; Apache Usergrid 1.0 documentation</title>
+  
+
+  
+  
+
+  
+
+  
+  
+    
+
+  
+
+  
+  
+    <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
+  
+
+  
+
+  
+    <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
+        <link rel="next" title="Facebook sign in" href="facebook-sign.html"/>
+        <link rel="prev" title="Authenticating API requests" href="authenticating-api-requests.html"/> 
+
+  
+  <script src="../_static/js/modernizr.min.js"></script>
+
+</head>
+
+<body class="wy-body-for-nav" role="document">
+
+  <div class="wy-grid-for-nav">
+
+    
+    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
+      <div class="wy-side-nav-search">
+        
+
+        
+          <a href="../index.html" class="icon icon-home"> Apache Usergrid
+        
+
+        
+        </a>
+
+        
+          
+          
+            <div class="version">
+              1.0
+            </div>
+          
+        
+
+        
+<div role="search">
+  <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
+    <input type="text" name="q" placeholder="Search docs" />
+    <input type="hidden" name="check_keywords" value="yes" />
+    <input type="hidden" name="area" value="default" />
+  </form>
+</div>
+
+        
+      </div>
+
+      <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
+        
+          
+          
+              <p class="caption"><span class="caption-text">Introduction</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Getting Started</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Data Storage</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Data Queries</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters &amp; clauses</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators &amp; data types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Entity Connections</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Security &amp; Authentication</span></p>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security &amp; token authentication</a></li>
+<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users &amp; app clients</a></li>
+<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li>
+<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="">Revoking tokens (logout)</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#revoking-tokens-user-logout">Revoking tokens (user logout)</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#request-syntax">Request syntax</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#example-request">Example request</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#revoking-admin-user-tokens">Revoking admin user tokens</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
+<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li>
+</ul>
+<p class="caption"><span class="caption-text">User Management &amp; Social Graph</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management &amp; social graph</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Geo-location</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Assets &amp; Files</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Counters &amp; Events</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters &amp; events</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating &amp; incrementing counters</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Organizations &amp; Applications</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization &amp; application management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
+</ul>
+<p class="caption"><span class="caption-text">API Reference</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Client SDKs</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Installing the Stack</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li>
+</ul>
+<p class="caption"><span class="caption-text">More about Usergrid</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations &amp; Videos</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code &amp; Docs</a></li>
+</ul>
+
+          
+        
+      </div>
+      &nbsp;
+    </nav>
+
+    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
+
+      
+      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
+        <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
+        <a href="../index.html">Apache Usergrid</a>
+      </nav>
+
+
+      
+      <div class="wy-nav-content">
+        <div class="rst-content">
+          <div role="navigation" aria-label="breadcrumbs navigation">
+  <ul class="wy-breadcrumbs">
+    <li><a href="../index.html">Docs</a> &raquo;</li>
+      
+    <li>Revoking tokens (logout)</li>
+      <li class="wy-breadcrumbs-aside">
+        
+          
+            <a href="../_sources/security-and-auth/revoking-tokens-logout.txt" rel="nofollow"> View page source</a>
+          
+        
+      </li>
+  </ul>
+  <hr/>
+</div>
+          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
+           <div itemprop="articleBody">
+            
+  <div class="section" id="revoking-tokens-logout">
+<h1>Revoking tokens (logout)<a class="headerlink" href="#revoking-tokens-logout" title="Permalink to this headline">¶</a></h1>
+<p>Under certain circumstances, you may need to explicitly revoke one or
+more tokens associated with a user entity, such as when a user logs out
+of your app. This is accomplished by making a PUT request to the
+/revoketoken and /revoketokens endpoints.</p>
+<div class="section" id="revoking-tokens-user-logout">
+<h2>Revoking tokens (user logout)<a class="headerlink" href="#revoking-tokens-user-logout" title="Permalink to this headline">¶</a></h2>
+<p>If a user has been logged in using the Usergrid iOS, Android, JavaScript
+or node.JS SDKs, the returned token is automatically stored in the
+UsergridDataClient (iOS), DataClient (Android), Usergrid.Client
+(JavaScript), Usergrid.Client (node.JS) class instance. Calling the
+logout method of the SDK will destroy the token on the server, as well
+as in the client object.</p>
+<div class="section" id="request-syntax">
+<h3>Request syntax<a class="headerlink" href="#request-syntax" title="Permalink to this headline">¶</a></h3>
+<p>Revoke all tokens associated with a user entity</p>
+<div class="highlight-python"><div class="highlight"><pre>curl -X PUT https://api.usergrid.com/&lt;org_name&gt;/&lt;app_name&gt;/users/&lt;user_uuid_or_username&gt;/revoketokens
+</pre></div>
+</div>
+<p>Revoke a specific token associated with a user entity</p>
+<div class="highlight-python"><div class="highlight"><pre>curl -X PUT https://api.usergrid.com/&lt;org_name&gt;/&lt;app_name&gt;/users/&lt;user_uuid_or_username&gt;/revoketoken?token=&lt;token_to_revoke&gt;
+</pre></div>
+</div>
+</div>
+<div class="section" id="example-request">
+<h3>Example request<a class="headerlink" href="#example-request" title="Permalink to this headline">¶</a></h3>
+<div class="highlight-python"><div class="highlight"><pre>curl -X PUT https://api.usergrid.com/your-org/your-app/users/someUser/revoketokens
+</pre></div>
+</div>
+<p>Example response</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span>
+  <span class="s">&quot;action&quot;</span> <span class="p">:</span> <span class="s">&quot;revoked user token&quot;</span><span class="p">,</span>
+  <span class="s">&quot;timestamp&quot;</span> <span class="p">:</span> <span class="mi">1382050891455</span><span class="p">,</span>
+  <span class="s">&quot;duration&quot;</span> <span class="p">:</span> <span class="mi">24</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</div>
+<div class="section" id="revoking-admin-user-tokens">
+<h3>Revoking admin user tokens<a class="headerlink" href="#revoking-admin-user-tokens" title="Permalink to this headline">¶</a></h3>
+<p>The /revoketoken and /revoketokens endpoints also work for revoking
+admin user tokens by making a PUT request to /management/users//</p>
+</div>
+</div>
+</div>
+
+
+           </div>
+          </div>
+          <footer>
+  
+    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
+      
+        <a href="facebook-sign.html" class="btn btn-neutral float-right" title="Facebook sign in" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
+      
+      
+        <a href="authenticating-api-requests.html" class="btn btn-neutral" title="Authenticating API requests" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
+      
+    </div>
+  
+
+  <hr/>
+
+  <div role="contentinfo">
+    <p>
+        &copy; Copyright 2013-2015, Apache Usergrid.
+
+    </p>
+  </div>
+  Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
+
+</footer>
+
+        </div>
+      </div>
+
+    </section>
+
+  </div>
+  
+
+
+  
+
+    <script type="text/javascript">
+        var DOCUMENTATION_OPTIONS = {
+            URL_ROOT:'../',
+            VERSION:'1.0',
+            COLLAPSE_INDEX:false,
+            FILE_SUFFIX:'.html',
+            HAS_SOURCE:  true
+        };
+    </script>
+      <script type="text/javascript" src="../_static/jquery.js"></script>
+      <script type="text/javascript" src="../_static/underscore.js"></script>
+      <script type="text/javascript" src="../_static/doctools.js"></script>
+
+  
+
+  
+  
+    <script type="text/javascript" src="../_static/js/theme.js"></script>
+  
+
+  
+  
+  <script type="text/javascript">
+      jQuery(function () {
+          SphinxRtdTheme.StickyNav.enable();
+      });
+  </script>
+   
+
+</body>
+</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/securing-your-app.html
----------------------------------------------------------------------
diff --git a/content/docs/security-and-auth/securing-your-app.html b/content/docs/security-and-auth/securing-your-app.html
new file mode 100644
index 0000000..f0638cf
--- /dev/null
+++ b/content/docs/security-and-auth/securing-your-app.html
@@ -0,0 +1,398 @@
+
+
+<!DOCTYPE html>
+<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
+<head>
+  <meta charset="utf-8">
+  
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  
+  <title>Security best practices &mdash; Apache Usergrid 1.0 documentation</title>
+  
+
+  
+  
+
+  
+
+  
+  
+    
+
+  
+
+  
+  
+    <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
+  
+
+  
+
+  
+    <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
+        <link rel="next" title="User management &amp; social graph" href="../user-management/user-management.html"/>
+        <link rel="prev" title="Facebook sign in" href="facebook-sign.html"/> 
+
+  
+  <script src="../_static/js/modernizr.min.js"></script>
+
+</head>
+
+<body class="wy-body-for-nav" role="document">
+
+  <div class="wy-grid-for-nav">
+
+    
+    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
+      <div class="wy-side-nav-search">
+        
+
+        
+          <a href="../index.html" class="icon icon-home"> Apache Usergrid
+        
+
+        
+        </a>
+
+        
+          
+          
+            <div class="version">
+              1.0
+            </div>
+          
+        
+
+        
+<div role="search">
+  <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
+    <input type="text" name="q" placeholder="Search docs" />
+    <input type="hidden" name="check_keywords" value="yes" />
+    <input type="hidden" name="area" value="default" />
+  </form>
+</div>
+
+        
+      </div>
+
+      <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
+        
+          
+          
+              <p class="caption"><span class="caption-text">Introduction</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Getting Started</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Data Storage</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Data Queries</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters &amp; clauses</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators &amp; data types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Entity Connections</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Security &amp; Authentication</span></p>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security &amp; token authentication</a></li>
+<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users &amp; app clients</a></li>
+<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li>
+<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
+<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="">Security best practices</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#never-use-the-sandbox-for-a-production-app">Never use the &#8216;sandbox&#8217; for a production app</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#review-permissions-in-your-apps">Review permissions in your apps</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#edit-the-default-role">Edit the &#8216;default&#8217; role</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#use-https">Use https</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#acquire-access-tokens-in-a-secure-way">Acquire access tokens in a secure way</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#treat-mobile-clients-as-untrustworthy">Treat mobile clients as untrustworthy</a></li>
+</ul>
+</li>
+</ul>
+<p class="caption"><span class="caption-text">User Management &amp; Social Graph</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management &amp; social graph</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Geo-location</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Assets &amp; Files</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Counters &amp; Events</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters &amp; events</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating &amp; incrementing counters</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Organizations &amp; Applications</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization &amp; application management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
+</ul>
+<p class="caption"><span class="caption-text">API Reference</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Client SDKs</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Installing the Stack</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li>
+</ul>
+<p class="caption"><span class="caption-text">More about Usergrid</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations &amp; Videos</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code &amp; Docs</a></li>
+</ul>
+
+          
+        
+      </div>
+      &nbsp;
+    </nav>
+
+    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
+
+      
+      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
+        <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
+        <a href="../index.html">Apache Usergrid</a>
+      </nav>
+
+
+      
+      <div class="wy-nav-content">
+        <div class="rst-content">
+          <div role="navigation" aria-label="breadcrumbs navigation">
+  <ul class="wy-breadcrumbs">
+    <li><a href="../index.html">Docs</a> &raquo;</li>
+      
+    <li>Security best practices</li>
+      <li class="wy-breadcrumbs-aside">
+        
+          
+            <a href="../_sources/security-and-auth/securing-your-app.txt" rel="nofollow"> View page source</a>
+          
+        
+      </li>
+  </ul>
+  <hr/>
+</div>
+          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
+           <div itemprop="articleBody">
+            
+  <div class="section" id="security-best-practices">
+<h1>Security best practices<a class="headerlink" href="#security-best-practices" title="Permalink to this headline">¶</a></h1>
+<p>There a number of actions you should take to ensure that your app is
+secure before you put it into production. The following is not an
+exhaustive list, but offers some common best practices you should
+consider following to keep your app secure when using the Usergrid.</p>
+<div class="section" id="never-use-the-sandbox-for-a-production-app">
+<h2>Never use the &#8216;sandbox&#8217; for a production app<a class="headerlink" href="#never-use-the-sandbox-for-a-production-app" title="Permalink to this headline">¶</a></h2>
+<p>By default, every new Usergrid account has an app named “sandbox” that
+is already created under your new organization. This app is no different
+than any other app that you might create, except that the Guest role has
+been given full permissions (that is, /** for GET, POST, PUT, and
+DELETE). This eliminates the need for a token when making application
+level calls, and can make it much easier to get your app up and running;
+however, it also means that any data in the sandbox application is
+completely unsecured.</p>
+<p>As with any other app, you can secure the sandbox application by
+updating its roles and permissions. For more on working with permissions
+and roles, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p>
+</div>
+<div class="section" id="review-permissions-in-your-apps">
+<h2>Review permissions in your apps<a class="headerlink" href="#review-permissions-in-your-apps" title="Permalink to this headline">¶</a></h2>
+<p>Prior to launching your app into a production environment, it is
+advisable to review all the roles and permissions you have set up, as
+well as the groups and users you have assigned those permissions and
+roles to. During development, you may find that you added various
+permissions which may or may not still be required once the app is
+complete. Review all permissions and delete any that are no longer
+required.</p>
+<p>Prior to taking your app live, you should secure it by removing any
+unnecesary Guest permissions. (See <a class="reference external" href="using-permissions.html">Using
+Permissions</a> for further information about
+setting permissions.) After you secure your the app, any calls to the
+API will need to include an OAuth token. Oauth tokens (also called
+access tokens) are obtained by the API in response to successful
+authentication calls. Your app saves the token and uses it for all
+future calls during that session. Learn more about access tokens in
+Authenticating users and application clients.</p>
+</div>
+<div class="section" id="edit-the-default-role">
+<h2>Edit the &#8216;default&#8217; role<a class="headerlink" href="#edit-the-default-role" title="Permalink to this headline">¶</a></h2>
+<p>When preparing an application for production use, a good first step is
+to edit permission rules for the Default role. The permissions in this
+role will be applied to every user who authenticates with a valid access
+token.</p>
+<p>For example, in the Default role, you will most likely first want to
+remove the permission rule that grants full access to all authenticated
+users:</p>
+<div class="highlight-python"><div class="highlight"><pre>GET,PUT,POST,DELETE:/users/me/**
+</pre></div>
+</div>
+<p>For more on roles, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p>
+<p>Review test accounts If you created any test user or test administrator
+accounts during development, these should also be reviewed for relevancy
+and security. Delete any test accounts that are no longer needed. If
+these accounts are still needed, make sure that passwords have been
+secured to the standards required by your app.</p>
+</div>
+<div class="section" id="use-https">
+<h2>Use https<a class="headerlink" href="#use-https" title="Permalink to this headline">¶</a></h2>
+<p>Make sure that any calls you make to the API are done using the secure
+https protocol, and not the insecure http protocol.</p>
+<p>If your app is a web app, that is, an app served by a web server, make
+sure that the app is served using https.</p>
+</div>
+<div class="section" id="acquire-access-tokens-in-a-secure-way">
+<h2>Acquire access tokens in a secure way<a class="headerlink" href="#acquire-access-tokens-in-a-secure-way" title="Permalink to this headline">¶</a></h2>
+<p>There are various methods for acquiring an access token (see
+<a class="reference external" href="authenticating-users-and-application-clients.html">Authenticating users and application
+clients</a>. One
+method is to use the application or organization level client
+secret-client id combination. This method should not be used in client
+applications (this is, apps that are deployed to a device, and which
+authenticate and make calls against the API).</p>
+<p>That’s because a hacker could analyze your app (even a compiled, binary
+distribution of your app), and retrieve the secret-id combination. Armed
+with this information, an attacker could gain full access to the data in
+your account.</p>
+<p>Instead, use application user credentials. This means that your app’s
+users should provide a username and password. Your app would use these
+to authenticate against the API and retrieve an access token.</p>
+<p>The client secret-client id combination should be used only in secure,
+server-side applications where there is no possibility of a hacker
+gaining control of the credentials.</p>
+</div>
+<div class="section" id="treat-mobile-clients-as-untrustworthy">
+<h2>Treat mobile clients as untrustworthy<a class="headerlink" href="#treat-mobile-clients-as-untrustworthy" title="Permalink to this headline">¶</a></h2>
+<p>For mobile access, it is recommended that you connect as an application
+user with configured access control policies. Mobile applications are
+inherently untrusted because they can be easily examined and even
+decompiled.</p>
+<p>Any credentials stored in a mobile app should be considered secure only
+to the Application User level. This means that if you don’t want the
+user to be able to access or delete data in your Usergrid application,
+you need to make sure that you don’t enable that capability through
+roles or permissions. Because most web applications talk to the database
+using some elevated level of permissions, such as root, it’s generally a
+good idea for mobile applications to connect with a more restricted set
+of permissions. For more information on restricting access through
+permission rules, see <a class="reference external" href="using-permissions.html">Using Permissions</a>.</p>
+</div>
+</div>
+
+
+           </div>
+          </div>
+          <footer>
+  
+    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
+      
+        <a href="../user-management/user-management.html" class="btn btn-neutral float-right" title="User management &amp; social graph" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
+      
+      
+        <a href="facebook-sign.html" class="btn btn-neutral" title="Facebook sign in" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
+      
+    </div>
+  
+
+  <hr/>
+
+  <div role="contentinfo">
+    <p>
+        &copy; Copyright 2013-2015, Apache Usergrid.
+
+    </p>
+  </div>
+  Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
+
+</footer>
+
+        </div>
+      </div>
+
+    </section>
+
+  </div>
+  
+
+
+  
+
+    <script type="text/javascript">
+        var DOCUMENTATION_OPTIONS = {
+            URL_ROOT:'../',
+            VERSION:'1.0',
+            COLLAPSE_INDEX:false,
+            FILE_SUFFIX:'.html',
+            HAS_SOURCE:  true
+        };
+    </script>
+      <script type="text/javascript" src="../_static/jquery.js"></script>
+      <script type="text/javascript" src="../_static/underscore.js"></script>
+      <script type="text/javascript" src="../_static/doctools.js"></script>
+
+  
+
+  
+  
+    <script type="text/javascript" src="../_static/js/theme.js"></script>
+  
+
+  
+  
+  <script type="text/javascript">
+      jQuery(function () {
+          SphinxRtdTheme.StickyNav.enable();
+      });
+  </script>
+   
+
+</body>
+</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/user-authentication-types.html
----------------------------------------------------------------------
diff --git a/content/docs/security-and-auth/user-authentication-types.html b/content/docs/security-and-auth/user-authentication-types.html
new file mode 100644
index 0000000..7e8f76d
--- /dev/null
+++ b/content/docs/security-and-auth/user-authentication-types.html
@@ -0,0 +1,399 @@
+
+
+<!DOCTYPE html>
+<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
+<head>
+  <meta charset="utf-8">
+  
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  
+  <title>Authentication levels &mdash; Apache Usergrid 1.0 documentation</title>
+  
+
+  
+  
+
+  
+
+  
+  
+    
+
+  
+
+  
+  
+    <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
+  
+
+  
+
+  
+    <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
+        <link rel="next" title="Changing token expiration (time-to-live)" href="changing-token-time-live-ttl.html"/>
+        <link rel="prev" title="Authenticating users &amp; app clients" href="authenticating-users-and-application-clients.html"/> 
+
+  
+  <script src="../_static/js/modernizr.min.js"></script>
+
+</head>
+
+<body class="wy-body-for-nav" role="document">
+
+  <div class="wy-grid-for-nav">
+
+    
+    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
+      <div class="wy-side-nav-search">
+        
+
+        
+          <a href="../index.html" class="icon icon-home"> Apache Usergrid
+        
+
+        
+        </a>
+
+        
+          
+          
+            <div class="version">
+              1.0
+            </div>
+          
+        
+
+        
+<div role="search">
+  <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
+    <input type="text" name="q" placeholder="Search docs" />
+    <input type="hidden" name="check_keywords" value="yes" />
+    <input type="hidden" name="area" value="default" />
+  </form>
+</div>
+
+        
+      </div>
+
+      <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
+        
+          
+          
+              <p class="caption"><span class="caption-text">Introduction</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Getting Started</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Data Storage</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Data Queries</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters &amp; clauses</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators &amp; data types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Entity Connections</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Security &amp; Authentication</span></p>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security &amp; token authentication</a></li>
+<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users &amp; app clients</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="">Authentication levels</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#configuring-authentication-levels">Configuring authentication levels</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#user-authentication-level">User authentication level</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#admin-authentication-levels">Admin authentication levels</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
+<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
+<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li>
+</ul>
+<p class="caption"><span class="caption-text">User Management &amp; Social Graph</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management &amp; social graph</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Geo-location</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Assets &amp; Files</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Counters &amp; Events</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters &amp; events</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating &amp; incrementing counters</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Organizations &amp; Applications</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization &amp; application management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
+</ul>
+<p class="caption"><span class="caption-text">API Reference</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Client SDKs</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Installing the Stack</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li>
+</ul>
+<p class="caption"><span class="caption-text">More about Usergrid</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations &amp; Videos</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code &amp; Docs</a></li>
+</ul>
+
+          
+        
+      </div>
+      &nbsp;
+    </nav>
+
+    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
+
+      
+      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
+        <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
+        <a href="../index.html">Apache Usergrid</a>
+      </nav>
+
+
+      
+      <div class="wy-nav-content">
+        <div class="rst-content">
+          <div role="navigation" aria-label="breadcrumbs navigation">
+  <ul class="wy-breadcrumbs">
+    <li><a href="../index.html">Docs</a> &raquo;</li>
+      
+    <li>Authentication levels</li>
+      <li class="wy-breadcrumbs-aside">
+        
+          
+            <a href="../_sources/security-and-auth/user-authentication-types.txt" rel="nofollow"> View page source</a>
+          
+        
+      </li>
+  </ul>
+  <hr/>
+</div>
+          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
+           <div itemprop="articleBody">
+            
+  <div class="section" id="authentication-levels">
+<h1>Authentication levels<a class="headerlink" href="#authentication-levels" title="Permalink to this headline">¶</a></h1>
+<p>Usergrid supports four levels of authentication, but only one of them is
+used when checking a registered user&#8217;s permissions. The other three
+levels are useful for authenticating other application or web clients
+that require higher-level access to your Usergrid application or
+organization. Because the scope of access that the other authentication
+levels provide is so broad (and as a result, so powerful), it&#8217;s a bad
+practice to use them from a mobile app. Instead, they&#8217;re better suited
+to other client apps, such as web applications.</p>
+<div class="section" id="configuring-authentication-levels">
+<h2>Configuring authentication levels<a class="headerlink" href="#configuring-authentication-levels" title="Permalink to this headline">¶</a></h2>
+<p>Access permissions can only be configured for the &#8216;application user&#8217; –
+this can be done both programmatically and in the admin portal. The
+application, organization and admin clients cannot be configured, and
+can only be accessed programmatically via the API.</p>
+<p>For more about creating and managing roles and permissions for
+application users, see Managing access by defining permission rules. For
+a look at how security features fit together, see App Security Overview.</p>
+</div>
+<div class="section" id="user-authentication-level">
+<h2>User authentication level<a class="headerlink" href="#user-authentication-level" title="Permalink to this headline">¶</a></h2>
+<table class="usergrid-table">
+<tr>
+    <th><p>Authentication Level</p>
+</th>
+    <th><p>Description</p>
+</th>
+</tr>
+<tr>
+    <td><p>Application user</p>
+</td>
+    <td><p>This is the standard authentication type you will use to implement user
+login for your app. The application user level allows access to your
+Usergrid application as governed by the permission rules you create and
+associated with users and user groups. For more on setting permissions
+see Managing access by defining permission rules. Each Application User
+is represented by a User entity in your Usergrid application. For more
+about the User entity, see User.</p>
+</td>
+</tr>
+</table></div>
+<div class="section" id="admin-authentication-levels">
+<h2>Admin authentication levels<a class="headerlink" href="#admin-authentication-levels" title="Permalink to this headline">¶</a></h2>
+<div class="admonition warning"> <p class="first admonition-title"><p>WARNING</p>
+  </p> <p class="last">
+
+
+Warning: Safe use of admin authentication levels. Never use client ID<p>and client secret, or any hard-coded credentials to authenticate this
+way from a client-side app, such as a mobile app. A hacker could analyze
+your app and extract the credentials for malicious use even if those
+credentials are compiled and in binary format. Even when authenticating
+with username and password, be cautious when using these authentication
+levels since they grant broad access to your Usergrid account. See &#8220;safe
+mobile access&#8221; in Authenticating API requests for additional
+considerations in keeping access to your app and its data secure.</p>
+</p></div>
+
+<table class="usergrid-table">
+<tr>
+    <th><p>Authentication Level</p>
+</th>
+    <th><p>Description</p>
+</th>
+</tr>
+<tr>
+   <td><p>Application client</p>
+</td>
+   <td><p>Grants full access to perform any operation on an Usergrid application
+(but not other applications within the same organization).</p>
+<p><p>Authentication at this level is useful in a server-side application (not
+a mobile app) that needs access to resources through the Usergrid API.
+For example, imagine you created a website that lists every hiking trail
+in the Rocky Mountains. You would want anyone to be able to view the
+content, but would not want them to access the Usergrid API and all your
+data directly. Instead, you would authenticate as an application client
+in your server-side code to access the data via the API in order to
+serve it to your website&#8217;s visitors.</p>
+</p></td>
+</tr>
+<tr>
+   <td><p>Organization client</p>
+</td>
+   <td><p>Grants full access to perform any operation on an Usergrid organization.</p>
+<p><p>This authentication level provides the greatest amount of access to an
+individual organization, allowing a client to perform any operation on
+an Usergrid organization and any applications in that organization. This
+level of access should be used sparingly and carefully.</p>
+</p></td>
+</tr>
+<tr>
+   <td><p>Admin user</p>
+</td>
+   <td><p>Allows full access to perform any operation on all organization accounts
+of which the admin user is a member.</p>
+<p><p>This authentication level is useful from applications that provide
+organization-wide administration features. For example, the Usergrid
+admin portal uses this level of access because it requires full access
+to the administration features.</p>
+</p><p>Unless you have a specific need for administrative features, such as to
+run test scripts that require access to management functionality, you
+should not use the admin user authentication level.</p>
+</td>
+</tr>
+</table></div>
+</div>
+
+
+           </div>
+          </div>
+          <footer>
+  
+    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
+      
+        <a href="changing-token-time-live-ttl.html" class="btn btn-neutral float-right" title="Changing token expiration (time-to-live)" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
+      
+      
+        <a href="authenticating-users-and-application-clients.html" class="btn btn-neutral" title="Authenticating users &amp; app clients" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
+      
+    </div>
+  
+
+  <hr/>
+
+  <div role="contentinfo">
+    <p>
+        &copy; Copyright 2013-2015, Apache Usergrid.
+
+    </p>
+  </div>
+  Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
+
+</footer>
+
+        </div>
+      </div>
+
+    </section>
+
+  </div>
+  
+
+
+  
+
+    <script type="text/javascript">
+        var DOCUMENTATION_OPTIONS = {
+            URL_ROOT:'../',
+            VERSION:'1.0',
+            COLLAPSE_INDEX:false,
+            FILE_SUFFIX:'.html',
+            HAS_SOURCE:  true
+        };
+    </script>
+      <script type="text/javascript" src="../_static/jquery.js"></script>
+      <script type="text/javascript" src="../_static/underscore.js"></script>
+      <script type="text/javascript" src="../_static/doctools.js"></script>
+
+  
+
+  
+  
+    <script type="text/javascript" src="../_static/js/theme.js"></script>
+  
+
+  
+  
+  <script type="text/javascript">
+      jQuery(function () {
+          SphinxRtdTheme.StickyNav.enable();
+      });
+  </script>
+   
+
+</body>
+</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/using-permissions.html
----------------------------------------------------------------------
diff --git a/content/docs/security-and-auth/using-permissions.html b/content/docs/security-and-auth/using-permissions.html
new file mode 100644
index 0000000..9151f01
--- /dev/null
+++ b/content/docs/security-and-auth/using-permissions.html
@@ -0,0 +1,510 @@
+
+
+<!DOCTYPE html>
+<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
+<head>
+  <meta charset="utf-8">
+  
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  
+  <title>Using permissions &mdash; Apache Usergrid 1.0 documentation</title>
+  
+
+  
+  
+
+  
+
+  
+  
+    
+
+  
+
+  
+  
+    <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
+  
+
+  
+
+  
+    <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
+        <link rel="next" title="Authenticating users &amp; app clients" href="authenticating-users-and-application-clients.html"/>
+        <link rel="prev" title="Security &amp; token authentication" href="app-security.html"/> 
+
+  
+  <script src="../_static/js/modernizr.min.js"></script>
+
+</head>
+
+<body class="wy-body-for-nav" role="document">
+
+  <div class="wy-grid-for-nav">
+
+    
+    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
+      <div class="wy-side-nav-search">
+        
+
+        
+          <a href="../index.html" class="icon icon-home"> Apache Usergrid
+        
+
+        
+        </a>
+
+        
+          
+          
+            <div class="version">
+              1.0
+            </div>
+          
+        
+
+        
+<div role="search">
+  <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
+    <input type="text" name="q" placeholder="Search docs" />
+    <input type="hidden" name="check_keywords" value="yes" />
+    <input type="hidden" name="area" value="default" />
+  </form>
+</div>
+
+        
+      </div>
+
+      <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
+        
+          
+          
+              <p class="caption"><span class="caption-text">Introduction</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Getting Started</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Data Storage</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Data Queries</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters &amp; clauses</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators &amp; data types</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Entity Connections</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Security &amp; Authentication</span></p>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security &amp; token authentication</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="">Using permissions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#permissions-syntax">Permissions syntax</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#complex-paths">Complex paths</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#assigning-permissions">Assigning permissions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#request-syntax">Request syntax</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#example-request">Example request</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#example-response">Example response</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#removing-permissions">Removing permissions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#id1">Request syntax</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#id2">Example request</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#id3">Example response</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users &amp; app clients</a></li>
+<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li>
+<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
+<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
+<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li>
+</ul>
+<p class="caption"><span class="caption-text">User Management &amp; Social Graph</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management &amp; social graph</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Geo-location</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Assets &amp; Files</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Counters &amp; Events</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters &amp; events</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating &amp; incrementing counters</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Organizations &amp; Applications</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization &amp; application management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
+</ul>
+<p class="caption"><span class="caption-text">API Reference</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Client SDKs</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
+</ul>
+<p class="caption"><span class="caption-text">Installing the Stack</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li>
+</ul>
+<p class="caption"><span class="caption-text">More about Usergrid</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations &amp; Videos</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code &amp; Docs</a></li>
+</ul>
+
+          
+        
+      </div>
+      &nbsp;
+    </nav>
+
+    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
+
+      
+      <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
+        <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
+        <a href="../index.html">Apache Usergrid</a>
+      </nav>
+
+
+      
+      <div class="wy-nav-content">
+        <div class="rst-content">
+          <div role="navigation" aria-label="breadcrumbs navigation">
+  <ul class="wy-breadcrumbs">
+    <li><a href="../index.html">Docs</a> &raquo;</li>
+      
+    <li>Using permissions</li>
+      <li class="wy-breadcrumbs-aside">
+        
+          
+            <a href="../_sources/security-and-auth/using-permissions.txt" rel="nofollow"> View page source</a>
+          
+        
+      </li>
+  </ul>
+  <hr/>
+</div>
+          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
+           <div itemprop="articleBody">
+            
+  <div class="section" id="using-permissions">
+<h1>Using permissions<a class="headerlink" href="#using-permissions" title="Permalink to this headline">¶</a></h1>
+<p>Permissions allow you to define user access to perform GET, POST, PUT,
+or DELETE operations on specific resources. When the user submits a
+request via your app code to the Usergrid API, the user’s permissions
+are checked against the resource paths that the user is trying to
+access. The request succeeds only if access to the resource is allowed
+by the permission rules you specify.</p>
+<div class="section" id="permissions-syntax">
+<h2>Permissions syntax<a class="headerlink" href="#permissions-syntax" title="Permalink to this headline">¶</a></h2>
+<p>In Usergrid, permissions are represented in the following format:</p>
+<div class="highlight-python"><div class="highlight"><pre>&lt;operations&gt;:&lt;resource_path&gt;
+</pre></div>
+</div>
+<ul class="simple">
+<li><code class="docutils literal"><span class="pre">&lt;operations&gt;</span></code>: A comma-delimited set of HTTP methods (<code class="docutils literal"><span class="pre">GET</span></code>,
+<code class="docutils literal"><span class="pre">PUT</span></code>, <code class="docutils literal"><span class="pre">POST</span></code>, <code class="docutils literal"><span class="pre">DELETE</span></code>) that are allowed for the specified
+resource path. For example, <code class="docutils literal"><span class="pre">get</span></code>, <code class="docutils literal"><span class="pre">post</span></code> would allow only
+<code class="docutils literal"><span class="pre">GET</span></code> and <code class="docutils literal"><span class="pre">POST</span></code> requests to be made to the specified resource.</li>
+<li><code class="docutils literal"><span class="pre">&lt;resource_path&gt;</span></code>: The path to the resources to be accessed. For
+example, <code class="docutils literal"><span class="pre">/users</span></code> would apply the permission to the users
+collection, while <code class="docutils literal"><span class="pre">/users/Tom</span></code> would apply the permission to only
+the user entity with username &#8216;Tom&#8217;.</li>
+</ul>
+</div>
+<div class="section" id="complex-paths">
+<h2>Complex paths<a class="headerlink" href="#complex-paths" title="Permalink to this headline">¶</a></h2>
+<p>Complex paths can be defined using <a class="reference external" href="http://ant.apache.org/manual/dirtasks.html#patterns">Apache Ant pattern
+syntax</a>. The
+following special path variables are supported for the construction of
+complex paths:</p>
+<table>
+<tr>
+   <td><p>Parameter</p>
+</td>
+   <td><p>Description</p>
+</td>
+</tr>
+<tr>
+   <td><p>*</p>
+</td>
+   <td><p>Treated as a wildcard. Assigns the permission to all paths at the
+specified level in the path hierarchy. For example, <code class="docutils literal"><span class="pre">/*</span></code> would match
+any collection, while <code class="docutils literal"><span class="pre">/users/Tom/*</span></code> would match /users/Tom/likes and
+<code class="docutils literal"><span class="pre">/users/Tom/owns</span></code>.</p>
+</td>
+</tr>
+<tr>
+   <td><p>**</p>
+</td>
+   <td><p>Assigns the permission to the path recursively. For example,
+<code class="docutils literal"><span class="pre">**/likes</span></code> would match <code class="docutils literal"><span class="pre">/likes</span></code> and <code class="docutils literal"><span class="pre">/users/likes</span></code>, while
+<code class="docutils literal"><span class="pre">/users/**</span></code> would match <code class="docutils literal"><span class="pre">/users</span></code> and <code class="docutils literal"><span class="pre">/users/likes</span></code>.</p>
+</td>
+</tr>
+<tr>
+   <td><p>${user}</p>
+</td>
+   <td><p>Automatically sets the path segment to the UUID of the currently
+authenticated user. For example, if you sent a request with a valid
+access token for a user with UUID
+<code class="docutils literal"><span class="pre">bd397ea1-a71c-3249-8a4c-62fd53c78ce7</span></code>, the path <code class="docutils literal"><span class="pre">/users/${user}</span></code>
+would be interpreted as <code class="docutils literal"><span class="pre">/users/bd397ea1-a71c-3249-8a4c-62fd53c78ce7</span></code>,
+assigning the permission only to that user entity.</p>
+</td>
+</tr>
+</table></div>
+<div class="section" id="assigning-permissions">
+<h2>Assigning permissions<a class="headerlink" href="#assigning-permissions" title="Permalink to this headline">¶</a></h2>
+<p>Permissions can only be assigned to user, group or role entities.
+Assigning permissions to roles can be particularly useful, as it allows
+you to create sets of permissions that represent complex access
+definitions, which can then be assigned to user and group entities. For
+more on roles, see Using roles.</p>
+<div class="section" id="request-syntax">
+<h3>Request syntax<a class="headerlink" href="#request-syntax" title="Permalink to this headline">¶</a></h3>
+<div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/&lt;org&gt;/&lt;app&gt;/&lt;collection&gt;/&lt;entity&gt;/permissions -d &#39;{&quot;permission&quot;:&lt;permissions&gt;}&#39;
+</pre></div>
+</div>
+<p>Parameters</p>
+<table border="1" class="docutils">
+<colgroup>
+<col width="11%" />
+<col width="89%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Parameter</th>
+<th class="head">Description</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td>org</td>
+<td>Organization UUID or organization name</td>
+</tr>
+<tr class="row-odd"><td>app</td>
+<td>Application UUID or application name</td>
+</tr>
+<tr class="row-even"><td>collection</td>
+<td>The collection of the entity that the permissions are to be assigned to.</td>
+</tr>
+<tr class="row-odd"><td>entity</td>
+<td>The UUID of the entity to assign the permissions to. For users, username and for groups, name are also accepted.</td>
+</tr>
+<tr class="row-even"><td>permissions</td>
+<td>The permissions to assign to the entity. See Permissions syntax for format.</td>
+</tr>
+</tbody>
+</table>
+<p>For collections, Valid values are users and groups.</p>
+</div>
+<div class="section" id="example-request">
+<h3>Example request<a class="headerlink" href="#example-request" title="Permalink to this headline">¶</a></h3>
+<p>For example, the following cURL request would give the user &#8216;Tom&#8217; POST
+permission to the /users collection:</p>
+<div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/your-org/your-app/users/Tom/permissions -d &#39;{&quot;permission&quot;:&quot;post:/users&quot;}&#39;
+</pre></div>
+</div>
+</div>
+<div class="section" id="example-response">
+<h3>Example response<a class="headerlink" href="#example-response" title="Permalink to this headline">¶</a></h3>
+<p>The newly assigned permission is returned in the data property of the
+response:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span>
+  <span class="s">&quot;action&quot;</span> <span class="p">:</span> <span class="s">&quot;post&quot;</span><span class="p">,</span>
+  <span class="s">&quot;application&quot;</span> <span class="p">:</span> <span class="s">&quot;f34f4222-a166-11e2-a7f7-02e81adcf3d0&quot;</span><span class="p">,</span>
+  <span class="s">&quot;params&quot;</span> <span class="p">:</span> <span class="p">{</span> <span class="p">},</span>
+  <span class="s">&quot;uri&quot;</span> <span class="p">:</span> <span class="s">&quot;https://api.usergrid.com/your-org/your-app&quot;</span><span class="p">,</span>
+  <span class="s">&quot;entities&quot;</span> <span class="p">:</span> <span class="p">[</span> <span class="p">],</span>
+  <span class="s">&quot;data&quot;</span> <span class="p">:</span> <span class="p">[</span> <span class="s">&quot;post:/users&quot;</span> <span class="p">],</span>
+  <span class="s">&quot;timestamp&quot;</span> <span class="p">:</span> <span class="mi">1402349612382</span><span class="p">,</span>
+  <span class="s">&quot;duration&quot;</span> <span class="p">:</span> <span class="mi">19</span><span class="p">,</span>
+  <span class="s">&quot;organization&quot;</span> <span class="p">:</span> <span class="s">&quot;your-org&quot;</span><span class="p">,</span>
+  <span class="s">&quot;applicationName&quot;</span> <span class="p">:</span> <span class="s">&quot;your-app&quot;</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</div>
+</div>
+<div class="section" id="removing-permissions">
+<h2>Removing permissions<a class="headerlink" href="#removing-permissions" title="Permalink to this headline">¶</a></h2>
+<p>Using a DELETE request, you can remove one of more permissions from a
+user, group, or role entity.</p>
+<div class="section" id="id1">
+<h3>Request syntax<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3>
+<div class="highlight-python"><div class="highlight"><pre>curl -X DELETE https://api.usergrid.com/&lt;org&gt;/&lt;app&gt;/&lt;collection&gt;/&lt;entity&gt;/permissions?=&lt;permissions&gt;
+</pre></div>
+</div>
+<p>Parameters</p>
+<table border="1" class="docutils">
+<colgroup>
+<col width="11%" />
+<col width="89%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Parameter</th>
+<th class="head">Description</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td>org</td>
+<td>Organization UUID or organization name</td>
+</tr>
+<tr class="row-odd"><td>app</td>
+<td>Application UUID or application name</td>
+</tr>
+<tr class="row-even"><td>collection</td>
+<td>The collection of the entity that the permissions are to be assigned to. Valid values are users and groups.</td>
+</tr>
+<tr class="row-odd"><td>entity</td>
+<td>The UUID of the entity to assign the permissions to. For users, username and for groups, name are also accepted.</td>
+</tr>
+<tr class="row-even"><td>permissions</td>
+<td>The permissions to assign to the entity. See <a class="reference external" href="using-permissions.html">Permissions syntax</a> for format.</td>
+</tr>
+</tbody>
+</table>
+</div>
+<div class="section" id="id2">
+<h3>Example request<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h3>
+<div class="highlight-python"><div class="highlight"><pre>curl -X DELETE https://api.usergrid.com/your-org/your-app/users/Tom/permissions?permission=post:/users
+</pre></div>
+</div>
+</div>
+<div class="section" id="id3">
+<h3>Example response<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h3>
+<p>The deleted permission is returned in the params.permission property of
+the response:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span>
+  <span class="s">&quot;action&quot;</span> <span class="p">:</span> <span class="s">&quot;delete&quot;</span><span class="p">,</span>
+  <span class="s">&quot;application&quot;</span> <span class="p">:</span> <span class="s">&quot;f34f4222-a166-11e2-a7f7-02e81adcf3d0&quot;</span><span class="p">,</span>
+  <span class="s">&quot;params&quot;</span> <span class="p">:</span> <span class="p">{</span>
+    <span class="s">&quot;permission&quot;</span> <span class="p">:</span> <span class="p">[</span> <span class="s">&quot;post:/users&quot;</span> <span class="p">]</span>
+  <span class="p">},</span>
+  <span class="s">&quot;uri&quot;</span> <span class="p">:</span> <span class="s">&quot;https://api.usergrid.com/your-org/your-app&quot;</span><span class="p">,</span>
+  <span class="s">&quot;entities&quot;</span> <span class="p">:</span> <span class="p">[</span> <span class="p">],</span>
+  <span class="s">&quot;data&quot;</span> <span class="p">:</span> <span class="p">[</span> <span class="s">&quot;post:/assets&quot;</span> <span class="p">],</span>
+  <span class="s">&quot;timestamp&quot;</span> <span class="p">:</span> <span class="mi">1402349951530</span><span class="p">,</span>
+  <span class="s">&quot;duration&quot;</span> <span class="p">:</span> <span class="mi">20</span><span class="p">,</span>
+  <span class="s">&quot;organization&quot;</span> <span class="p">:</span> <span class="s">&quot;your-org&quot;</span><span class="p">,</span>
+  <span class="s">&quot;applicationName&quot;</span> <span class="p">:</span> <span class="s">&quot;your-app&quot;</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</div>
+</div>
+</div>
+
+
+           </div>
+          </div>
+          <footer>
+  
+    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
+      
+        <a href="authenticating-users-and-application-clients.html" class="btn btn-neutral float-right" title="Authenticating users &amp; app clients" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>
+      
+      
+        <a href="app-security.html" class="btn btn-neutral" title="Security &amp; token authentication" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>
+      
+    </div>
+  
+
+  <hr/>
+
+  <div role="contentinfo">
+    <p>
+        &copy; Copyright 2013-2015, Apache Usergrid.
+
+    </p>
+  </div>
+  Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
+
+</footer>
+
+        </div>
+      </div>
+
+    </section>
+
+  </div>
+  
+
+
+  
+
+    <script type="text/javascript">
+        var DOCUMENTATION_OPTIONS = {
+            URL_ROOT:'../',
+            VERSION:'1.0',
+            COLLAPSE_INDEX:false,
+            FILE_SUFFIX:'.html',
+            HAS_SOURCE:  true
+        };
+    </script>
+      <script type="text/javascript" src="../_static/jquery.js"></script>
+      <script type="text/javascript" src="../_static/underscore.js"></script>
+      <script type="text/javascript" src="../_static/doctools.js"></script>
+
+  
+
+  
+  
+    <script type="text/javascript" src="../_static/js/theme.js"></script>
+  
+
+  
+  
+  <script type="text/javascript">
+      jQuery(function () {
+          SphinxRtdTheme.StickyNav.enable();
+      });
+  </script>
+   
+
+</body>
+</html>
\ No newline at end of file