Skip to main content

Understanding API access scopes and limitations

Learn how Mobaro API access is structured, including permissions, limits, and best practices for usage.

Logan Bowlby avatar
Written by Logan Bowlby
Updated over a week ago

Overview

API access in Mobaro is permission-based and intentionally scoped to protect your data, maintain platform stability, and ensure secure integrations. Whether you're using the API for reporting, automation, or real-time data syncs, it's important to understand how access and limits work behind the scenes.

Scopes and permissions

Each API key is tied to a specific Mobaro account and inherits access permissions based on the user or service configuration.

  • API keys can only access data that the corresponding account has permission to view.

  • This includes location-based restrictions, result visibility, user group membership, and more.

  • If you use multiple environments (e.g. production vs test), each will require a separate API key with relevant permissions.

Tip: Use service-specific roles for API keys (e.g. "Analytics Service" or "Data Sync") and assign them only the access required for that integration.

Rate limits and performance considerations

To keep the Mobaro platform fast and reliable for all users, API usage is subject to rate limits.

  • These limits are shared across all API clients within the same account, not applied per key or user.

  • Excessive or poorly optimized requests can affect access for other integrations within your organization.

Note: If you’re working with automation platforms like Power Automate or are making frequent batch requests, make sure your flows include throttling or delay logic.

Usage best practices

Follow these guidelines to avoid hitting limits and ensure secure, efficient access:

  • Cache results locally when polling for unchanged data.

  • Use filtered endpoints with parameters like AnsweredAfter or LocationIds to reduce payload sizes.

  • Paginate your requests when supported.

  • Avoid polling endpoints in short intervals—use webhooks or scheduled exports if possible.

  • Never expose your API key in frontend code or public repositories.

Frequently asked questions

Q: Can I increase the API rate limit for my account?
A: If your use case requires higher throughput, contact your Customer Success Manager to discuss options. We may be able to grant expanded access depending on your setup.

Q: Will using multiple API keys bypass the rate limit?
A: No. Rate limits are applied to the entire account and are not circumvented by using additional keys.

Q: Can I create different scopes or restrict access by module?
A: Not currently. Access is based on the Mobaro account's internal user/group permissions. However, you can control which endpoints are used through your own scripts or services.

Q: Is there a limit on how much data I can pull at once?
A: While there's no hard limit on total records, large requests may be automatically paginated or time out depending on their size. Always use pagination and filters where possible.

Related Articles
Exporting Results
Creating and Managing API Keys
Creating and managing RideOps keys
Getting started with the Mobaro API
Getting started with Mobaro's Power Automate connector
Did this answer your question?