Mobify DevCenter

Mobify Cloud API Overview

Note: The Mobify Cloud API is under active development. Not all resources and actions available through the Mobify Cloud dashboard are currently available through the API.

The Mobify Cloud API allows you to interact with resources via a RESTful interface:

  • Projects represent a specific application. Projects have targets and bundles.
  • Targets are environments that run your app. They might be named and long lived like production or staging, or disposable and short lived like september-load-testing or homepage-add-new-hero-banner.
  • Bundles are app code at a specific point in time. They are immutable release artifacts containing JavaScript and other resources to run your app.
  • Deployments put the code from a bundle onto a target.

Access our Mobify Cloud API Reference →

Before you begin

To use the API, you need a Mobify API Key 🔑. The key must be included in the HTTP request Authorization header with the value Bearer $MOBIFY_API_KEY.

Important: Treat your API key like a password as it allows scripts to perform operations on your behalf.

You can make API requests using tools like curl or Postman.

Note: To follow along in this tutorial, replace the Project ID with your own Project’s ID. You can find it on your project’s Settings page in Mobify Cloud.


Let’s begin to learn the API by walking through an example step by step, using Mobify’s training project.

By default, projects start with a target called production. Often, it’s useful to create non-production targets for testing.

First, we will list the training project’s targets:

curl '' \
--header "Authorization: Bearer $MOBIFY_API_KEY"

Second, let’s create a new target, staging, that we can use to verify changes before deploying them to production:

curl '' \
--request 'POST' \
--header "Authorization: Bearer $MOBIFY_API_KEY" \
--header 'Content-Type: application/json' \
--data '{"name": "staging"}'

To use your new target, you must deploy a bundle to it in Mobify Cloud.

Third, let’s review the details of the staging target we created:

curl '' \
--header "Authorization: Bearer $MOBIFY_API_KEY"

Finally, let’s modify our staging target to set its configured proxies:

curl '' \
--request 'PATCH' \
--header "Authorization: Bearer $MOBIFY_API_KEY" \
--header 'Content-Type: application/json' \
--data '{"ssr_proxy_configs": [{"host": ""}]}'

Changing the configuration will cause the current bundle to be re-deployed automatically so that the changes can take effect.

If you’re having trouble with the above commands:

  • Try using curl’s --fail argument to display errors.
  • Check your API key.
  • Check your project’s ID.
  • API endpoints also work in browser. Log in to Mobify Cloud then open the endpoint you are using directly in your browser.

Access our list of Target API endpoints →

Restricting target access to specific IPs

Note: Use these steps only when your security policy requires you to restrict access to environments by IP. In the general case, we recommend restricting access using HTTP authorization or a secret HTTP header checked in request processor or the app server.

Now let’s look at another example using the API.

Consider the staging target we created above, and imagine we wanted to restrict access to specific IPs. You can restrict access to staging using the Mobify Cloud API by updating its ssr_whitelisted_ips.

First, we will fetch the settings for the staging target:

curl '' \
--header "Authorization: Bearer $MOBIFY_API_KEY"

Next, we will update staging by passing in the set of IPs that will be allowed access.

curl '' \
--request 'PATCH' \
--header "Authorization: Bearer $MOBIFY_API_KEY" \
--header 'Content-Type: application/json' \
--data '{"ssr_whitelisted_ips": ","}'

Note: IPs in ssr_whitelisted_ips use CIDR format and are comma separated.

Following these steps, you can modify any of the target settings returned by the JSON object in the first step!