{"id":855,"date":"2026-04-16T10:27:39","date_gmt":"2026-04-16T10:27:39","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-mobile-hub-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development\/"},"modified":"2026-04-16T10:27:39","modified_gmt":"2026-04-16T10:27:39","slug":"oracle-cloud-mobile-hub-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-mobile-hub-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development\/","title":{"rendered":"Oracle Cloud Mobile Hub Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Application Development"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Application Development<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Mobile Hub<\/strong> is a managed service designed to help teams build the \u201cbackend\u201d capabilities that mobile apps commonly need\u2014secure APIs, user access control, push notifications, and integrations\u2014without building everything from scratch.<\/p>\n\n\n\n<p>In simple terms: <strong>Mobile Hub gives your mobile apps a ready-made, secure cloud backend<\/strong>. Your iOS\/Android (and other) clients call Mobile Hub APIs, and Mobile Hub can then call your enterprise systems (databases, REST\/SOAP services, Oracle SaaS, and more).<\/p>\n\n\n\n<p>Technically, Mobile Hub is a <strong>Mobile Backend-as-a-Service (MBaaS)<\/strong> style platform. It provides a cloud-hosted runtime and tooling to define and secure APIs (including custom APIs), manage app clients and users, connect to external services, and expose those capabilities to your mobile apps via SDKs and REST endpoints.<\/p>\n\n\n\n<p><strong>Important service status note (verify in official docs):<\/strong> Oracle\u2019s mobile and integration portfolio has evolved over time (for example, Oracle Mobile Cloud Service\u2014often abbreviated <strong>MCS<\/strong>\u2014and Oracle Mobile Hub naming\/packaging changes). In many Oracle environments, Mobile Hub is associated with <strong>Oracle Cloud Platform (Classic)<\/strong> services. Availability for <strong>new<\/strong> customers\/tenancies and the exact feature set may vary by region, tenancy type, and contract. If you cannot find Mobile Hub in your Oracle Cloud console, check your service entitlements or verify the latest official documentation and Oracle support guidance.<\/p>\n\n\n\n<p>What problem Mobile Hub solves:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mobile apps need <strong>secure, versioned APIs<\/strong>, <strong>identity<\/strong>, and <strong>backend integrations<\/strong>.<\/li>\n<li>Enterprises need <strong>governance<\/strong> (authentication\/authorization, auditing, separation of dev\/test\/prod) and <strong>operational tooling<\/strong>.<\/li>\n<li>Teams want <strong>faster delivery<\/strong> than building a bespoke backend from scratch.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Mobile Hub?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose (practical definition)<\/h3>\n\n\n\n<p><strong>Mobile Hub<\/strong> is an Oracle Cloud <strong>Application Development<\/strong> service for creating and operating mobile backends. It helps you expose enterprise data and services to mobile clients through secure APIs and supporting mobile-focused capabilities (for example, push notifications). The exact supported capabilities depend on your Mobile Hub version\/edition\u2014<strong>verify in official docs for your tenancy<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities (what it typically includes)<\/h3>\n\n\n\n<p>Mobile Hub generally focuses on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mobile Backends<\/strong>: Logical containers that group APIs, security policies, environments, and client settings for a given mobile app or app suite.<\/li>\n<li><strong>API exposure<\/strong>:<\/li>\n<li>Defining REST endpoints for mobile use<\/li>\n<li>Securing and managing access to APIs<\/li>\n<li>Often includes the ability to create <strong>custom APIs<\/strong> (server-side code hosted by the service)<\/li>\n<li><strong>Integrations \/ connectors<\/strong> (commonly): Call external REST\/SOAP services, and integrate with Oracle services and enterprise systems.<\/li>\n<li><strong>Mobile app support features<\/strong> (commonly): push notifications, mobile client registration, and sometimes analytics\/diagnostics (depends on edition\/version\u2014verify).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components (typical conceptual model)<\/h3>\n\n\n\n<p>While naming can differ slightly across releases, a Mobile Hub deployment commonly has:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mobile Hub instance<\/strong> (your provisioned service)<\/li>\n<li><strong>Mobile Backend(s)<\/strong> (one per app or environment pattern)<\/li>\n<li><strong>API catalog<\/strong> (custom APIs and possibly connectors)<\/li>\n<li><strong>Security configuration<\/strong>:<\/li>\n<li>OAuth client\/app configuration<\/li>\n<li>Roles, policies, sometimes user stores or federated identity integration<\/li>\n<li><strong>Operational tooling<\/strong>:<\/li>\n<li>Logs\/diagnostics dashboards<\/li>\n<li>Environment configuration<\/li>\n<li>Keys\/secrets management <em>within the service<\/em> (still treat as sensitive; see Security section)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Managed PaaS<\/strong> (Oracle runs the service runtime and control plane; you configure backends\/APIs and deploy custom API code if supported).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scope (regional\/global\/account scoped)<\/h3>\n\n\n\n<p>This depends on the underlying Oracle Cloud environment:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In many deployments, Mobile Hub is <strong>instance-scoped<\/strong> to a region\/data center and tied to a specific Oracle Cloud account\/identity domain\/subscription.<\/li>\n<li>Resources (mobile backends, APIs) are scoped to the <strong>Mobile Hub instance<\/strong>.<\/li>\n<li><strong>Verify<\/strong> region availability and tenancy\/identity model in the official docs for your environment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>Mobile Hub is typically positioned alongside or integrated with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Oracle Identity<\/strong> services (for authentication, OAuth, federation)<\/li>\n<li><strong>Oracle Integration \/ API management<\/strong> patterns (for enterprise integrations and governance)<\/li>\n<li><strong>Oracle databases<\/strong> (Autonomous Database, Oracle Database services) via your API implementations or integrations<\/li>\n<li><strong>Observability<\/strong> tools (service-provided analytics\/logging; possibly integration with broader Oracle logging\/monitoring depending on your deployment)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Mobile Hub?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Accelerate mobile delivery<\/strong>: Reduce time spent building common backend features (auth, API scaffolding, push).<\/li>\n<li><strong>Standardize mobile backends<\/strong>: Use consistent patterns across teams and apps.<\/li>\n<li><strong>Reduce integration friction<\/strong>: Provide a governed way to connect mobile apps to enterprise systems.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Central place to:<\/li>\n<li>Define mobile-facing APIs<\/li>\n<li>Apply consistent authentication\/authorization policies<\/li>\n<li>Version and manage API lifecycle (where supported)<\/li>\n<li>Reduce bespoke \u201cglue code\u201d across mobile apps by moving integration to a managed backend layer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Better separation of concerns:<\/li>\n<li>Mobile developers focus on UI\/UX and app logic.<\/li>\n<li>Backend\/platform teams manage API security, connectivity, environments, and operations.<\/li>\n<li>Easier to run <strong>dev\/test\/prod<\/strong> patterns with repeatable configuration (depends on features available).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enforce <strong>OAuth-based access<\/strong> and role-based restrictions for APIs.<\/li>\n<li>Centralize mobile API exposure (reducing ad hoc endpoints and shadow APIs).<\/li>\n<li>Logging and auditing (capability varies\u2014verify in official docs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Managed service scaling characteristics (within service limits).<\/li>\n<li>Ability to optimize payloads and caching patterns at the API layer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose Mobile Hub<\/h3>\n\n\n\n<p>Choose Mobile Hub when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You have multiple mobile apps and want a <strong>standard mobile backend platform<\/strong>.<\/li>\n<li>You need a <strong>governed API facade<\/strong> between mobile clients and enterprise services.<\/li>\n<li>You benefit from mobile-specific features (such as push notification management) in the same platform as APIs.<\/li>\n<li>You already operate Oracle Cloud services and want a cohesive Oracle-aligned architecture.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose Mobile Hub<\/h3>\n\n\n\n<p>Avoid or reconsider Mobile Hub when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Your Oracle Cloud environment <strong>does not offer Mobile Hub<\/strong> (entitlement\/availability).<\/li>\n<li>You require a fully cloud-native approach using OCI-native services (for example, OCI API Gateway + Functions + OKE) and Mobile Hub is not aligned with your current platform direction.<\/li>\n<li>You want a backend that is fully portable across clouds with minimal platform-specific coupling.<\/li>\n<li>You need features that Mobile Hub does not provide in your edition\/version (for example, advanced API monetization, full API analytics, specialized eventing).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Mobile Hub used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Financial services (secure mobile banking features, controlled API access)<\/li>\n<li>Retail (mobile shopping apps, loyalty integrations, push campaigns)<\/li>\n<li>Healthcare (patient apps, appointment scheduling, data access governance)<\/li>\n<li>Manufacturing\/logistics (field workforce apps, asset tracking, offline-to-online workflows via APIs)<\/li>\n<li>Public sector (citizen apps, secure access, integration with legacy systems)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mobile development teams (iOS\/Android)<\/li>\n<li>Platform engineering teams (API governance, security, environments)<\/li>\n<li>Integration teams (connecting SaaS\/on-prem services)<\/li>\n<li>DevOps\/SRE (monitoring, incident response, scaling)<\/li>\n<li>Security engineering (identity, access controls, audit)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mobile-facing REST APIs (BFF\u2014Backend for Frontend style)<\/li>\n<li>Secure integration endpoints for enterprise systems<\/li>\n<li>Notification workflows for mobile apps<\/li>\n<li>API aggregation (compose multiple backend services into one mobile-friendly endpoint)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mobile client \u2192 Mobile Hub \u2192 enterprise APIs\/databases<\/strong><\/li>\n<li><strong>Mobile client \u2192 Mobile Hub custom API \u2192 Oracle Integration \/ SaaS<\/strong><\/li>\n<li><strong>Mobile client \u2192 Mobile Hub \u2192 API gateway \u2192 microservices<\/strong> (pattern depends on your broader platform)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enterprises migrating from monolithic middleware toward API-based access for mobile<\/li>\n<li>Teams implementing an \u201cAPI facade\u201d layer to protect internal services from direct internet exposure<\/li>\n<li>Organizations standardizing mobile app security patterns and mobile client registration<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Production vs dev\/test usage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dev\/test: rapid iteration on API definitions and test clients<\/li>\n<li>Production: hardened authentication, least-privilege roles, network controls (where supported), monitoring, and strict change management<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where Oracle Cloud <strong>Mobile Hub<\/strong> is a natural fit. Feature availability can vary\u2014<strong>verify capabilities in your Mobile Hub edition\/version<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Mobile API facade for legacy systems<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Mobile app needs data from legacy services not designed for mobile or internet exposure.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Exposes mobile-friendly REST endpoints and enforces authentication centrally.<\/li>\n<li><strong>Example:<\/strong> A warehouse app calls <code>\/inventory\/{sku}<\/code> in Mobile Hub; Mobile Hub calls a legacy SOAP service internally.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Backend-for-Frontend (BFF) for multiple mobile clients<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> iOS and Android teams need consistent responses and reduced chattiness.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Custom API can aggregate multiple downstream calls into one endpoint.<\/li>\n<li><strong>Example:<\/strong> <code>\/home<\/code> endpoint returns user profile + tasks + alerts by calling three backend systems.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Secure partner mobile app access<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Partners need controlled access to APIs without exposing internal systems broadly.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> OAuth clients, scoped roles\/policies, and API separation through mobile backends.<\/li>\n<li><strong>Example:<\/strong> Delivery partner app can only access <code>\/deliveries<\/code> endpoints, not billing APIs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Push notification orchestration for mobile apps<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need to send operational or marketing notifications to registered devices.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Manages notification credentials and device registration flows (where available).<\/li>\n<li><strong>Example:<\/strong> Send a push notification when an order status changes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Mobile user authentication and authorization consistency<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Apps need consistent login flows and role-based access.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Centralizes OAuth token issuance\/validation and API-level authorization.<\/li>\n<li><strong>Example:<\/strong> Field technicians have \u201cTECH\u201d role; managers have \u201cMANAGER\u201d role, enforced per endpoint.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Staged rollout of mobile APIs (dev\/test\/prod)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Teams need predictable promotion across environments.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Instance\/backends can be aligned to environments; API versioning and deployment controls may be available.<\/li>\n<li><strong>Example:<\/strong> Deploy v2 of an API to test backend before production cutover.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Rapid prototyping of mobile app backends<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need a proof-of-concept quickly.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Quick scaffolding of APIs and security; hosted runtime for custom APIs.<\/li>\n<li><strong>Example:<\/strong> A hackathon app uses a simple custom API returning JSON.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Governance for a portfolio of mobile apps<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Many teams create inconsistent endpoints and security patterns.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Standard platform with shared patterns, logging, and centralized management.<\/li>\n<li><strong>Example:<\/strong> Central IT defines baseline policies and templates for all app teams.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Enterprise system integration without direct internet exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Internal systems can\u2019t be exposed publicly.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Mobile Hub is the internet-facing layer; downstream systems remain private (via network controls\/VPN\/proxy patterns, depending on your environment).<\/li>\n<li><strong>Example:<\/strong> Mobile Hub calls internal APIs via an integration layer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Mobile analytics and diagnostics (where supported)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need visibility into API usage patterns and errors from mobile clients.<\/li>\n<li><strong>Why Mobile Hub fits:<\/strong> Can provide dashboards\/logs\/analytics features (edition-dependent).<\/li>\n<li><strong>Example:<\/strong> Identify that 20% of calls fail due to expired tokens and improve refresh logic.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<p>Because Mobile Hub packaging has varied historically, treat the list below as <strong>core patterns<\/strong> and confirm the exact feature availability in your Mobile Hub console and official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Mobile Backends (logical grouping)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Creates a container for APIs, security configuration, and client settings for a mobile application.<\/li>\n<li><strong>Why it matters:<\/strong> Enforces separation between apps\/environments and simplifies governance.<\/li>\n<li><strong>Practical benefit:<\/strong> You can have separate backends for <code>dev<\/code>, <code>test<\/code>, and <code>prod<\/code>.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Backend-level settings vary by edition\/version; verify limits on number of backends.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Custom APIs (server-side API logic hosted by Mobile Hub)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Lets you implement mobile-facing endpoints using a service-provided framework\/runtime (often Node.js-based with a defined project structure).<\/li>\n<li><strong>Why it matters:<\/strong> Enables BFF patterns and integration logic close to the API layer.<\/li>\n<li><strong>Practical benefit:<\/strong> Aggregate calls, reshape payloads, implement validation, and enforce consistent responses.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Runtime constraints (timeouts, memory), supported language\/framework versions, and deployment pipeline are platform-specific\u2014verify in official docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">API definition and discovery (often RAML\/metadata-driven)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Defines endpoints, methods, and schemas to generate documentation and sometimes SDK support.<\/li>\n<li><strong>Why it matters:<\/strong> Consistent contract-first API design.<\/li>\n<li><strong>Practical benefit:<\/strong> Faster client development and fewer breaking changes.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Supported spec format\/version (for example RAML) can be fixed; verify.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Authentication and authorization (OAuth-centric)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Controls who\/what can call APIs using OAuth tokens, client credentials, and roles.<\/li>\n<li><strong>Why it matters:<\/strong> Mobile apps are high-risk clients; you need strong auth.<\/li>\n<li><strong>Practical benefit:<\/strong> Central policy enforcement without each backend service implementing auth differently.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Exact token endpoints, grant types, and integration with enterprise IdPs vary\u2014verify.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Mobile client\/app registration (client credentials)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Issues credentials (client ID\/secret) or keys to identify an app\/client.<\/li>\n<li><strong>Why it matters:<\/strong> Enables client-level access control, rate-limiting patterns, and telemetry.<\/li>\n<li><strong>Practical benefit:<\/strong> Revoke\/rotate credentials without shipping a new app (depending on client design).<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Credential rotation strategy must be designed carefully to avoid breaking deployed apps.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Connectors\/integrations to enterprise systems (varies)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Helps connect to REST\/SOAP backends and potentially Oracle services.<\/li>\n<li><strong>Why it matters:<\/strong> Enterprise data is often behind existing services.<\/li>\n<li><strong>Practical benefit:<\/strong> Reduce boilerplate and standardize connectivity.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Supported connector types and auth methods vary by release.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Push notifications (where available)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Manages notification providers (for example Apple Push Notification service and Firebase Cloud Messaging) and sends pushes to registered devices.<\/li>\n<li><strong>Why it matters:<\/strong> Push is a core mobile engagement and operational channel.<\/li>\n<li><strong>Practical benefit:<\/strong> Centralized sending and credential management.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Requires external provider setup (APNS\/FCM). Delivery guarantees depend on providers and device state.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Logging\/diagnostics (varies)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Provides runtime logs for API calls and backend behavior.<\/li>\n<li><strong>Why it matters:<\/strong> You need observability to operate production APIs.<\/li>\n<li><strong>Practical benefit:<\/strong> Faster troubleshooting and root cause analysis.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Retention, export options, and log granularity vary\u2014verify.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Environment configuration (per backend\/API)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Allows defining configuration values for endpoints, keys, and environment-specific variables.<\/li>\n<li><strong>Why it matters:<\/strong> Avoids hardcoding endpoints and secrets in code.<\/li>\n<li><strong>Practical benefit:<\/strong> Promote the same API package across environments with different config.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Do not treat it as a full secrets manager; follow your organization\u2019s secrets policy.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>At a high level, Mobile Hub sits between mobile clients and your enterprise systems:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Mobile app authenticates (OAuth flow depends on configuration).<\/li>\n<li>Mobile app calls Mobile Hub API endpoints over HTTPS.<\/li>\n<li>Mobile Hub validates tokens\/credentials and enforces authorization.<\/li>\n<li>Mobile Hub routes to:\n   &#8211; a <strong>custom API implementation<\/strong> hosted by Mobile Hub, and\/or\n   &#8211; an integration\/connector to an external service.<\/li>\n<li>Mobile Hub returns a mobile-friendly response.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Request, data, and control flow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control plane:<\/strong> Administrators define mobile backends, configure security, deploy custom APIs, and configure integrations.<\/li>\n<li><strong>Data plane:<\/strong> Mobile clients call runtime endpoints; custom APIs call downstream services\/databases.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Typical integrations with related services<\/h3>\n\n\n\n<p>Common integrations (choose based on your actual environment and available services):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Identity provider<\/strong> for user auth (Oracle Identity services or enterprise IdP via federation)<\/li>\n<li><strong>Oracle Integration<\/strong> (for orchestrations and SaaS integration)<\/li>\n<li><strong>Databases<\/strong> (Autonomous Database \/ Oracle Database) via REST or custom API code<\/li>\n<li><strong>Object storage \/ file services<\/strong> (if used by your app; may be direct OCI services or through your backend)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services (conceptual)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identity (OAuth issuance\/validation)<\/li>\n<li>Network connectivity to downstream services<\/li>\n<li>Notification providers (APNS\/FCM) if using push<\/li>\n<li>DNS\/TLS endpoints for Mobile Hub runtime<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model (typical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HTTPS for transport<\/li>\n<li>OAuth 2.0 tokens for API calls<\/li>\n<li>App\/client credentials (client ID\/secret) for token retrieval or app identification<\/li>\n<li>Role-based access controls at API level (where supported)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mobile apps connect over the internet to Mobile Hub public endpoints.<\/li>\n<li>Mobile Hub connects to downstream services using configured connectivity (public endpoints, VPN, private networking options depending on environment and what Mobile Hub supports in your tenancy\u2014<strong>verify<\/strong>).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define logging standards (request IDs, correlation IDs).<\/li>\n<li>Implement API error handling (consistent HTTP codes and JSON errors).<\/li>\n<li>Track API latency and error rates.<\/li>\n<li>Establish release management for custom APIs and configuration changes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  A[Mobile App (iOS\/Android)] --&gt;|HTTPS + OAuth token| B[Oracle Cloud Mobile Hub]\n  B --&gt;|Custom API| C[Downstream REST\/SOAP Services]\n  B --&gt;|Optional| D[(Database)]\n  B --&gt;|Optional| E[Push Providers (APNS\/FCM)]\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Clients\n    M1[iOS App]\n    M2[Android App]\n  end\n\n  subgraph OracleCloud[Oracle Cloud]\n    MH[Mobile Hub Instance]\n    MB1[Mobile Backend - Dev]\n    MB2[Mobile Backend - Prod]\n    LOG[Logs\/Diagnostics\\n(varies by edition)]\n  end\n\n  subgraph Identity\n    IDP[Oracle Identity \/ Enterprise IdP\\n(OAuth\/OIDC, federation)]\n  end\n\n  subgraph Enterprise\n    INT[Integration Layer \/ API Management\\n(optional)]\n    S1[CRM\/ERP SaaS APIs]\n    S2[On-prem REST\/SOAP Services]\n    DB[(Database)]\n  end\n\n  M1 --&gt;|OAuth login \/ token| IDP\n  M2 --&gt;|OAuth login \/ token| IDP\n\n  M1 --&gt;|API calls| MH\n  M2 --&gt;|API calls| MH\n\n  MH --&gt; MB1\n  MH --&gt; MB2\n\n  MH --&gt;|telemetry| LOG\n\n  MH --&gt;|secure calls| INT\n  INT --&gt; S1\n  INT --&gt; S2\n  INT --&gt; DB\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<p>Because Mobile Hub availability depends on Oracle Cloud environment and entitlements, confirm prerequisites early.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Account\/tenancy requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An Oracle Cloud account\/tenancy with <strong>Mobile Hub entitlement<\/strong>.<\/li>\n<li>Access to the correct console:<\/li>\n<li>Often <strong>Oracle Cloud Platform (Classic)<\/strong> \/ \u201cMy Services\u201d style console for Mobile Hub.<\/li>\n<li>Some organizations have a mix of OCI and Classic services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You typically need one or more of the following (names vary by identity model\u2014verify in your environment):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Service administrator role for Mobile Hub instance provisioning<\/li>\n<li>Mobile Hub administrator role to:<\/li>\n<li>create Mobile Backends<\/li>\n<li>create\/deploy custom APIs<\/li>\n<li>manage clients\/credentials<\/li>\n<li>configure security settings<\/li>\n<\/ul>\n\n\n\n<p>If your organization uses Oracle Identity Cloud Service (or another IdP), you may also need:\n&#8211; App registration permissions (for OAuth clients)\n&#8211; Group\/role management permissions (to map user roles to API access)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A paid subscription\/contract that includes Mobile Hub (or Universal Credits\/other Oracle commercial model, depending on your procurement).<\/li>\n<li>Free tier availability for Mobile Hub is not guaranteed\u2014<strong>verify in official pricing<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools needed<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web browser (for Mobile Hub console)<\/li>\n<li><code>curl<\/code> (or Postman\/Insomnia) for API testing<\/li>\n<li>A text editor for API definition\/code edits (if console supports direct editing, you still benefit from offline copies)<\/li>\n<li>Optional: Git for source control of custom API projects<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mobile Hub availability is <strong>not universal<\/strong> across all Oracle Cloud regions and tenancy types.<\/li>\n<li>Verify the regions supported for your account in:<\/li>\n<li>Oracle Cloud console service creation<\/li>\n<li>Official documentation for Mobile Hub<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<p>Limits vary by subscription\/edition, but commonly include:\n&#8211; Number of Mobile Backends per instance\n&#8211; Custom API package size\n&#8211; Request size\/timeouts\n&#8211; Log retention\n&#8211; Push notification quotas (if included)<\/p>\n\n\n\n<p><strong>Verify in official docs<\/strong> for your Mobile Hub version.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services (optional but common)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identity provider setup for OAuth (Oracle Identity or enterprise IdP)<\/li>\n<li>Downstream API endpoints to integrate with (a test REST service is sufficient for the lab)<\/li>\n<li>APNS\/FCM credentials if testing push notifications<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing model (high-level, accurate approach)<\/h3>\n\n\n\n<p>Oracle Cloud <strong>Mobile Hub<\/strong> pricing depends on how Oracle packages it for your contract and whether it is delivered as part of a broader Oracle PaaS bundle. In many organizations, it is purchased via:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Oracle PaaS subscriptions<\/strong> (often capacity\/instance-based), and\/or<\/li>\n<li><strong>Oracle Universal Credits<\/strong> (usage-based spending model), depending on your Oracle agreement.<\/li>\n<\/ul>\n\n\n\n<p>Because Oracle\u2019s service catalog and commercial packaging can differ by region and contract, <strong>do not assume a single public per-hour price<\/strong>.<\/p>\n\n\n\n<p>To price Mobile Hub correctly for your account:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Start with Oracle\u2019s official pricing entry points:<\/li>\n<li>Oracle Cloud Pricing: https:\/\/www.oracle.com\/cloud\/pricing\/<\/li>\n<li>Oracle Cloud Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/li>\n<li>Oracle Cloud price list landing page (often links to price lists): https:\/\/www.oracle.com\/cloud\/price-list\/<\/li>\n<\/ul>\n\n\n\n<p>Then confirm whether Mobile Hub appears as a standalone line item or as part of a bundled PaaS offering for your tenancy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions to expect (typical)<\/h3>\n\n\n\n<p>Depending on how Mobile Hub is sold in your environment, cost may be driven by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Service instance \/ edition<\/strong> (dev vs production sizing; number of instances)<\/li>\n<li><strong>Included capacity<\/strong> (requests, throughput, environments\u2014varies)<\/li>\n<li><strong>Add-on features<\/strong> (if your edition separates push\/analytics\/etc.)<\/li>\n<li><strong>Support level<\/strong> (Oracle support tier)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Oracle Cloud has a Free Tier for many OCI services, but <strong>Mobile Hub Free Tier availability is not guaranteed<\/strong>.<\/li>\n<li>Treat Mobile Hub as <strong>likely paid<\/strong> unless your contract explicitly includes it.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Key cost drivers (direct and indirect)<\/h3>\n\n\n\n<p>Even if Mobile Hub itself is bundled, production architectures almost always include costs from:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Outbound data transfer<\/strong> (egress) to mobile clients (region-dependent pricing)<\/li>\n<li><strong>Downstream services<\/strong>:<\/li>\n<li>OCI load balancers\/API gateways (if used)<\/li>\n<li>Databases (Autonomous Database, Oracle Database)<\/li>\n<li>Object storage<\/li>\n<li>Integration services<\/li>\n<li><strong>Operational costs<\/strong>:<\/li>\n<li>Additional environments (dev\/test\/prod)<\/li>\n<li>Logging retention\/export if integrated into centralized logging<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs to plan for<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Push notification provider costs<\/strong> are usually not charged by APNS, and FCM is typically free for basic use, but your operational effort and messaging patterns can affect:<\/li>\n<li>app engagement tooling<\/li>\n<li>observability overhead<\/li>\n<li><strong>API payload size<\/strong> and response frequency drive egress and performance costs.<\/li>\n<li><strong>Identity provider<\/strong> licensing\/tiers if you use advanced identity features.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<p>Mobile apps are internet clients, so your design affects cost and performance:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer compression and efficient JSON payloads.<\/li>\n<li>Use caching and conditional requests when applicable.<\/li>\n<li>Avoid returning large lists without pagination.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost optimization strategies<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>separate dev\/test instance(s)<\/strong> with constrained access and reduced logging.<\/li>\n<li>Optimize API responses (pagination, filtering, avoid overfetching).<\/li>\n<li>Control log verbosity in production.<\/li>\n<li>Use environment variables\/configuration to avoid multiple API variants per environment.<\/li>\n<li>Consider an API aggregation endpoint to reduce chatty client behavior.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (non-numeric)<\/h3>\n\n\n\n<p>A minimal starter setup for learning typically includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1 Mobile Hub instance (dev)<\/li>\n<li>1 Mobile Backend<\/li>\n<li>1 Custom API with a single endpoint<\/li>\n<li>Minimal logs retained<\/li>\n<li>API testing via curl\/Postman<\/li>\n<\/ul>\n\n\n\n<p>Costs you should expect:\n&#8211; The Mobile Hub subscription (if not included elsewhere)\n&#8211; Minimal outbound data transfer (small payloads)<\/p>\n\n\n\n<p>Because exact pricing varies, estimate by:\n&#8211; confirming the Mobile Hub SKU (or bundle) in your Oracle contract\n&#8211; estimating expected monthly egress (GB\/month) and any associated charges<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations (non-numeric)<\/h3>\n\n\n\n<p>A production architecture typically includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Separate prod instance or hardened backend configuration<\/li>\n<li>Multiple custom APIs and integrations<\/li>\n<li>Higher traffic, higher egress<\/li>\n<li>Downstream services (DB, integration, monitoring)<\/li>\n<li>Stronger logging and audit retention<\/li>\n<\/ul>\n\n\n\n<p>Cost levers:\n&#8211; API call volume and payload size (egress + scaling)\n&#8211; Number of environments and instances\n&#8211; Integration service consumption\n&#8211; Database sizing and query efficiency<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Create a <strong>Mobile Backend<\/strong> and deploy a simple <strong>Custom API<\/strong> (\u201cHello API\u201d) in Oracle Cloud <strong>Mobile Hub<\/strong>, secure it with the service\u2019s standard authentication model (commonly OAuth), and call it from your workstation using <code>curl<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Confirm you can access a Mobile Hub instance (or provision one if your account allows).<\/li>\n<li>Create a Mobile Backend to represent an app environment.<\/li>\n<li>Create and deploy a Custom API with a <code>GET \/hello<\/code> endpoint.<\/li>\n<li>Obtain credentials\/tokens as required by your Mobile Hub configuration.<\/li>\n<li>Call the endpoint and validate the response.<\/li>\n<li>Clean up resources to avoid ongoing cost and clutter.<\/li>\n<\/ol>\n\n\n\n<blockquote>\n<p>If your console screens differ: Mobile Hub has had multiple releases and environments. Follow the same logical steps using the UI your tenancy provides, and <strong>verify exact menu names in official docs<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Confirm Mobile Hub availability and open the console<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Sign in to your Oracle Cloud environment.<\/li>\n<li>Locate <strong>Mobile Hub<\/strong> in your service catalog\/console.\n   &#8211; In some organizations, this may be under Oracle Cloud Platform (Classic) services.<\/li>\n<li>Open the Mobile Hub service instance.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You can access the Mobile Hub administration UI\/dashboard.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; You can see navigation items for backends\/APIs\/security (names vary).<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; <strong>You cannot find Mobile Hub in the console.<\/strong>\n  &#8211; Fix: Confirm entitlements with your Oracle admin or contract owner. Check official docs for current availability and whether Mobile Hub is limited to specific Oracle Cloud environments.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create a Mobile Backend<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the Mobile Hub console, find <strong>Mobile Backends<\/strong> (or similarly named section).<\/li>\n<li>Click <strong>Create<\/strong>.<\/li>\n<li>Enter:\n   &#8211; Name: <code>demo-backend<\/code>\n   &#8211; Description: <code>Demo backend for Hello API lab<\/code><\/li>\n<li>Choose environment or template options if prompted (keep defaults for a first lab).<\/li>\n<li>Create the backend.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A new backend appears in the backends list.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Open <code>demo-backend<\/code> and confirm you can access its settings page.<\/p>\n\n\n\n<p><strong>Notes<\/strong>\n&#8211; Many platforms let you create multiple backends (dev\/test\/prod). For this lab, you only need one.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create a Custom API project (Hello API)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>APIs<\/strong> (or \u201cCustom APIs\u201d).<\/li>\n<li>Click <strong>New API<\/strong> \u2192 choose <strong>Custom API<\/strong> (wording varies).<\/li>\n<li>Provide:\n   &#8211; API Name: <code>helloapi<\/code>\n   &#8211; Version: <code>1.0<\/code> (or accept default)\n   &#8211; Base path: <code>\/helloapi<\/code> (or accept default base path)<\/li>\n<li>Create the API.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A new API project is created with a scaffold (definition + implementation).<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; You can open the API and see editable files (often an API definition file and JavaScript implementation files).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Define the <code>GET \/hello<\/code> endpoint in the API definition<\/h3>\n\n\n\n<p>Many Mobile Hub \/ MCS-style custom APIs are defined using an API descriptor (often RAML). Your API project may include a file such as <code>api.raml<\/code> (name can vary). Update it to include a <code>GET \/hello<\/code> endpoint.<\/p>\n\n\n\n<p>If your project uses RAML, the definition may look similar to this (adjust to the template your service generated):<\/p>\n\n\n\n<pre><code class=\"language-raml\">#%RAML 0.8\ntitle: Hello API\nversion: 1.0\nbaseUri: \/helloapi\n\n\/hello:\n  get:\n    description: Returns a friendly greeting\n    responses:\n      200:\n        body:\n          application\/json:\n            example: |\n              { \"message\": \"Hello from Mobile Hub\" }\n<\/code><\/pre>\n\n\n\n<blockquote>\n<p>If your template uses a different RAML version or OpenAPI, follow the format the scaffold uses. <strong>Do not change spec version unless the docs say it\u2019s supported.<\/strong><\/p>\n<\/blockquote>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; The API definition includes <code>\/hello<\/code> with a 200 JSON response.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; The console shows the endpoint in the API\u2019s endpoints\/resources list (if it has such a view).<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; Validation error in the API definition.\n  &#8211; Fix: Keep indentation exact for RAML; ensure the header line (e.g., <code>#%RAML 0.8<\/code>) matches the scaffold.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Implement the endpoint in the Custom API code<\/h3>\n\n\n\n<p>Mobile Hub custom APIs typically provide an implementation entry point (often JavaScript) where you register handlers. The exact structure depends on your Mobile Hub version.<\/p>\n\n\n\n<p>Look for a generated implementation file referenced by the scaffold. Add a handler for <code>GET \/hello<\/code>.<\/p>\n\n\n\n<p>A commonly used pattern looks like:<\/p>\n\n\n\n<pre><code class=\"language-javascript\">\/**\n * Hello API implementation (example)\n * Adjust module structure to match your scaffolded project.\n *\/\nmodule.exports = function(service) {\n  service.get('\/hello', function(req, res) {\n    res.status(200).json({\n      message: 'Hello from Mobile Hub',\n      timestamp: new Date().toISOString()\n    });\n  });\n};\n<\/code><\/pre>\n\n\n\n<p>If your scaffold uses Express Router instead, it may look like:<\/p>\n\n\n\n<pre><code class=\"language-javascript\">const express = require('express');\nconst router = express.Router();\n\nrouter.get('\/hello', (req, res) =&gt; {\n  res.status(200).json({\n    message: 'Hello from Mobile Hub',\n    timestamp: new Date().toISOString()\n  });\n});\n\nmodule.exports = router;\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; The API has code that returns JSON for <code>GET \/hello<\/code>.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; The project passes any built-in \u201cvalidate\u201d checks in the console (if available).<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; Handler not invoked due to path mismatch.\n  &#8211; Fix: Ensure the runtime path mapping matches the base path and the route definition. If base path is <code>\/helloapi<\/code>, then the full path is typically <code>\/helloapi\/hello<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Deploy the Custom API<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the API project page, click <strong>Deploy<\/strong> (or \u201cPublish\u201d).<\/li>\n<li>Select the target environment\/backend if prompted.<\/li>\n<li>Wait for deployment to complete.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Deployment succeeds and the API shows as active\/deployed.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; The API status indicates deployed.\n&#8211; The backend (<code>demo-backend<\/code>) shows the API as associated\/enabled (if Mobile Hub requires explicit association).<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; Deployment fails with package\/manifest errors.\n  &#8211; Fix: Ensure you didn\u2019t remove required scaffold files. If the console provides logs, open them and correct missing metadata.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Configure security and get the correct base URL and credentials<\/h3>\n\n\n\n<p>Mobile Hub API calls usually require:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A <strong>base URL<\/strong> for the runtime<\/li>\n<li>Possibly a required <strong>backend identifier header<\/strong> (common in MCS-style environments)<\/li>\n<li>An <strong>OAuth token<\/strong> (or other configured auth mode)<\/li>\n<\/ul>\n\n\n\n<p>In the Mobile Hub console, locate the section for:\n&#8211; Runtime URLs \/ endpoints\n&#8211; OAuth token endpoint (if applicable)\n&#8211; Client\/app credentials (client ID\/secret)\n&#8211; Backend ID (if required as a header)<\/p>\n\n\n\n<p>Record:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>BASE_URL<\/code> (example format will differ)<\/li>\n<li><code>TOKEN_URL<\/code> (if OAuth is used)<\/li>\n<li><code>CLIENT_ID<\/code><\/li>\n<li><code>CLIENT_SECRET<\/code><\/li>\n<li><code>BACKEND_ID<\/code> (if your environment requires something like <code>Oracle-Mobile-Backend-ID<\/code> header)<\/li>\n<\/ul>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You have the values required to call the API.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; You can see the credentials and endpoint URLs in the console.<\/p>\n\n\n\n<p><strong>Security note<\/strong>\n&#8211; Treat <code>CLIENT_SECRET<\/code> like a password. Don\u2019t commit it to Git. Don\u2019t paste into tickets\/chat.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8: Obtain an access token (if OAuth is enabled)<\/h3>\n\n\n\n<p>If your Mobile Hub uses OAuth client credentials grant (common for service-to-service or test calls), it may look like the following. <strong>Use the exact token URL provided by your console<\/strong>:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export TOKEN_URL=\"https:\/\/&lt;your-mobilehub-host&gt;\/&lt;path-to-oauth-token&gt;\"\nexport CLIENT_ID=\"&lt;your-client-id&gt;\"\nexport CLIENT_SECRET=\"&lt;your-client-secret&gt;\"\n\ncurl -s -u \"${CLIENT_ID}:${CLIENT_SECRET}\" \\\n  -d \"grant_type=client_credentials\" \\\n  \"${TOKEN_URL}\"\n<\/code><\/pre>\n\n\n\n<p>You should receive JSON containing an <code>access_token<\/code>.<\/p>\n\n\n\n<p>Set it:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export ACCESS_TOKEN=\"&lt;paste-access-token-here&gt;\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You have a valid bearer token.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Decode token (if JWT) only if appropriate; otherwise just test it by calling the API.\n&#8211; If the token response includes <code>expires_in<\/code>, note expiration.<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; <code>401 Unauthorized<\/code> from token endpoint\n  &#8211; Fix: Confirm client ID\/secret, token URL, and grant type supported by your Mobile Hub configuration.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 9: Call <code>GET \/hello<\/code> using curl<\/h3>\n\n\n\n<p>Use the base URL and endpoint path from your API deployment.<\/p>\n\n\n\n<p>Example call pattern:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export BASE_URL=\"https:\/\/&lt;your-mobilehub-runtime-host&gt;\/&lt;runtime-base-path&gt;\"\nexport BACKEND_ID=\"&lt;your-backend-id-if-required&gt;\"\n\ncurl -s -X GET \\\n  \"${BASE_URL}\/helloapi\/hello\" \\\n  -H \"Authorization: Bearer ${ACCESS_TOKEN}\" \\\n  -H \"Accept: application\/json\" \\\n  -H \"Oracle-Mobile-Backend-ID: ${BACKEND_ID}\"\n<\/code><\/pre>\n\n\n\n<blockquote>\n<p>If your environment does not require <code>Oracle-Mobile-Backend-ID<\/code>, remove that header. If it requires a differently named header, use the one shown in your console\/docs.<\/p>\n<\/blockquote>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You receive HTTP 200 and a JSON payload like:<\/p>\n\n\n\n<pre><code class=\"language-json\">{\n  \"message\": \"Hello from Mobile Hub\",\n  \"timestamp\": \"2026-04-16T10:15:30.000Z\"\n}\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use the checks below to confirm everything is working:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>API reachable<\/strong>\n   &#8211; You get a response (not DNS\/TLS errors).<\/li>\n<li><strong>Authentication correct<\/strong>\n   &#8211; 200 OK with JSON body (not 401\/403).<\/li>\n<li><strong>Correct routing<\/strong>\n   &#8211; Response payload matches your handler.<\/li>\n<li><strong>Logs<\/strong>\n   &#8211; If Mobile Hub provides request logs, confirm the request appears with 200 status.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p>Common problems and realistic fixes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>401 Unauthorized<\/strong><\/li>\n<li>Token missing\/expired: request a new token.<\/li>\n<li>Wrong <code>Authorization<\/code> header format: must be <code>Bearer &lt;token&gt;<\/code>.<\/li>\n<li>\n<p>Wrong client credentials: confirm you used the correct app\/client in Mobile Hub.<\/p>\n<\/li>\n<li>\n<p><strong>403 Forbidden<\/strong><\/p>\n<\/li>\n<li>Role\/policy prevents access: update API security policy to allow your client\/user role.<\/li>\n<li>\n<p>Backend association missing: ensure the API is enabled for <code>demo-backend<\/code>.<\/p>\n<\/li>\n<li>\n<p><strong>404 Not Found<\/strong><\/p>\n<\/li>\n<li>Wrong base path or endpoint path: confirm deployment base path and route (<code>\/helloapi\/hello<\/code>).<\/li>\n<li>\n<p>API not deployed: redeploy and confirm status is \u201cdeployed\u201d.<\/p>\n<\/li>\n<li>\n<p><strong>500 Internal Server Error<\/strong><\/p>\n<\/li>\n<li>Bug in handler code: check runtime logs; add basic error handling.<\/li>\n<li>\n<p>Missing required modules\/files: ensure scaffold dependencies are intact.<\/p>\n<\/li>\n<li>\n<p><strong>TLS\/Certificate errors<\/strong><\/p>\n<\/li>\n<li>Corporate proxy issues: try from a network that can reach the endpoint or configure proxy settings appropriately.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid cost and reduce clutter:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In Mobile Hub, un-deploy or delete the <code>helloapi<\/code> custom API.<\/li>\n<li>Delete the <code>demo-backend<\/code> mobile backend.<\/li>\n<li>Remove\/rotate test client credentials if they were created only for this lab.<\/li>\n<li>If you provisioned a dedicated Mobile Hub instance for the lab and you are allowed to delete it, delete it per your organization\u2019s process.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Your account no longer contains the test backend\/API.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use Mobile Hub as a <strong>BFF layer<\/strong>:<\/li>\n<li>Keep endpoints mobile-friendly (small payloads, minimal chattiness).<\/li>\n<li>Avoid exposing internal service structures directly.<\/li>\n<li>Use <strong>contract-first design<\/strong> (RAML\/OpenAPI as supported).<\/li>\n<li>Keep custom API logic thin:<\/li>\n<li>Validate inputs<\/li>\n<li>Orchestrate downstream calls<\/li>\n<li>Transform payloads<\/li>\n<li>Avoid heavy business logic when possible (push complex logic to dedicated services)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>least privilege<\/strong>:<\/li>\n<li>Separate roles for admin vs developer vs operator.<\/li>\n<li>Use <strong>separate clients<\/strong> per app and environment.<\/li>\n<li>Rotate secrets regularly; never embed long-lived secrets in mobile apps.<\/li>\n<li>Enforce HTTPS and disable weak configurations (rely on Oracle managed TLS endpoints).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Minimize payload sizes and avoid large responses.<\/li>\n<li>Use pagination and filtering for list endpoints.<\/li>\n<li>Reduce log verbosity in production, and define retention aligned to incident needs.<\/li>\n<li>Keep dev\/test traffic and environments constrained.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use caching strategies where appropriate:<\/li>\n<li>Client-side caching (ETags, If-Modified-Since) if your API supports it<\/li>\n<li>Short-lived caching at downstream services<\/li>\n<li>Use timeouts and circuit-breaker patterns in custom APIs (where you can implement them).<\/li>\n<li>Avoid sequential downstream calls when parallel calls are safe and supported by your runtime.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define consistent error responses:<\/li>\n<li><code>400<\/code> for validation errors<\/li>\n<li><code>401\/403<\/code> for auth errors<\/li>\n<li><code>429<\/code> for throttling (if enforced)<\/li>\n<li><code>500<\/code> for unexpected errors (with correlation IDs)<\/li>\n<li>Implement idempotency where needed (especially for POST actions invoked by flaky mobile networks).<\/li>\n<li>Use retries carefully (avoid retry storms).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Add structured logging:<\/li>\n<li>include request IDs, user IDs (non-sensitive), and backend correlation IDs<\/li>\n<li>Set up alerting based on:<\/li>\n<li>error rate spikes<\/li>\n<li>latency increases<\/li>\n<li>auth failures<\/li>\n<li>Document runbooks for common failures (token issues, downstream outages).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Standard naming:<\/li>\n<li><code>appname-dev-backend<\/code>, <code>appname-prod-backend<\/code><\/li>\n<li><code>ordersapi-v1<\/code>, <code>profileapi-v2<\/code><\/li>\n<li>Track ownership:<\/li>\n<li>include owner team and contact in descriptions or tags (where supported)<\/li>\n<li>Use change control for production API deployments.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<p>Mobile Hub commonly relies on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OAuth<\/strong> for API access control<\/li>\n<li><strong>Client credentials<\/strong> to identify apps\/services<\/li>\n<li><strong>User identities<\/strong> (federated or managed) for user-context access<\/li>\n<\/ul>\n\n\n\n<p>Security actions:\n&#8211; Use separate identities for:\n  &#8211; admins (full control)\n  &#8211; developers (deploy APIs)\n  &#8211; operators (read logs, monitor)\n&#8211; Avoid shared accounts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>In transit:<\/strong> Use HTTPS for all API calls.<\/li>\n<li><strong>At rest:<\/strong> Data stored by the service (logs\/config) is typically encrypted by Oracle-managed controls (verify in official docs\/security papers for your service version).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mobile Hub endpoints are typically <strong>publicly reachable<\/strong> (by design, to serve mobile clients).<\/li>\n<li>Protect downstream systems by:<\/li>\n<li>placing them behind controlled integration layers<\/li>\n<li>restricting inbound access to only Mobile Hub (where feasible)<\/li>\n<li>using private connectivity options if supported in your environment (verify)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not embed client secrets in mobile apps.<\/li>\n<li>Use backend token exchange patterns:<\/li>\n<li>mobile app authenticates user<\/li>\n<li>backend exchanges for tokens or uses a secure flow<\/li>\n<li>Rotate secrets and keep them in approved secret stores (and only reference them in config).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable and retain:<\/li>\n<li>auth events<\/li>\n<li>admin actions (deployments\/config changes)<\/li>\n<li>request logs for production incident response<\/li>\n<li>Export logs to centralized tooling if your environment supports it (verify).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Classify data and restrict sensitive data exposure in mobile APIs.<\/li>\n<li>Mask or omit PII unless required.<\/li>\n<li>Apply retention policies to logs that might contain identifiers.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Shipping long-lived secrets inside the app<\/li>\n<li>Over-permissive roles that allow all endpoints<\/li>\n<li>No rate limiting or abuse protection (if not built-in, implement at adjacent layers)<\/li>\n<li>Returning detailed stack traces to clients<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use separate environments and clients per stage.<\/li>\n<li>Enforce strong policies for production:<\/li>\n<li>least privilege<\/li>\n<li>minimal logs containing sensitive data<\/li>\n<li>strict change control and approvals<\/li>\n<li>Threat model your mobile API:<\/li>\n<li>token theft<\/li>\n<li>replay attacks<\/li>\n<li>request tampering<\/li>\n<li>abuse\/DoS<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because Mobile Hub is a managed service and has evolved over time, plan for these common realities:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Availability constraints<\/strong><\/li>\n<li>Mobile Hub might not be available in all Oracle Cloud regions\/tenancy types.<\/li>\n<li>Some accounts may not be able to provision new instances (contract\/portfolio changes).<\/li>\n<li><strong>Edition\/version differences<\/strong><\/li>\n<li>Features like analytics, push, or connectors may vary.<\/li>\n<li><strong>Runtime constraints<\/strong><\/li>\n<li>Custom API execution timeouts, memory limits, and package size limits.<\/li>\n<li><strong>API contract format constraints<\/strong><\/li>\n<li>If RAML is required, your organization may need to adapt tooling.<\/li>\n<li><strong>Auth\/header requirements<\/strong><\/li>\n<li>Some environments require a backend ID header for calls; forgetting it causes 401\/403.<\/li>\n<li><strong>Mobile app secret management<\/strong><\/li>\n<li>Client secrets are not safe in mobile apps; design flows accordingly.<\/li>\n<li><strong>Operational gaps<\/strong><\/li>\n<li>Exporting logs\/metrics may be limited compared to OCI-native observability, depending on your environment.<\/li>\n<li><strong>Migration challenges<\/strong><\/li>\n<li>If you later move to OCI API Gateway + Functions or Kubernetes, custom API logic and auth patterns may need refactoring.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Mobile backends can be built using many approaches. Here\u2019s how Mobile Hub compares.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Oracle Cloud Mobile Hub<\/strong><\/td>\n<td>Organizations wanting an Oracle-managed MBaaS-style mobile backend<\/td>\n<td>Managed platform, mobile backend concepts, centralized API security patterns<\/td>\n<td>Availability\/packaging may vary; platform coupling; feature set depends on edition\/version<\/td>\n<td>You already have Mobile Hub entitlement and want a managed mobile backend layer<\/td>\n<\/tr>\n<tr>\n<td><strong>OCI API Gateway + OCI Functions<\/strong><\/td>\n<td>Cloud-native API + serverless backend on OCI<\/td>\n<td>OCI-native, strong integration with IAM\/logging (OCI), flexible runtime<\/td>\n<td>You build more yourself (auth flows, mobile features like push)<\/td>\n<td>You want OCI-native architecture and Mobile Hub isn\u2019t available or doesn\u2019t fit<\/td>\n<\/tr>\n<tr>\n<td><strong>Oracle Integration (OIC)<\/strong><\/td>\n<td>Orchestration between SaaS\/on-prem with low-code integration<\/td>\n<td>Strong integration tooling, connectors, process automation<\/td>\n<td>Not primarily a mobile backend; may need an API facade layer<\/td>\n<td>You mainly need integration\/orchestration and can front it with an API layer<\/td>\n<\/tr>\n<tr>\n<td><strong>Oracle Visual Builder<\/strong><\/td>\n<td>Rapid app development (including web\/mobile experiences)<\/td>\n<td>Faster UI development, Oracle ecosystem integration<\/td>\n<td>Not a direct replacement for MBaaS patterns in all cases<\/td>\n<td>You want low-code app development and your requirements fit VBCS<\/td>\n<\/tr>\n<tr>\n<td><strong>Firebase (Google)<\/strong><\/td>\n<td>Startups\/mobile-first teams needing push\/auth\/db quickly<\/td>\n<td>Excellent mobile SDKs, push\/auth built-in<\/td>\n<td>Strong Google ecosystem coupling; enterprise integration may require extra work<\/td>\n<td>You want mobile-first acceleration and accept the ecosystem tradeoffs<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS Amplify<\/strong><\/td>\n<td>Full-stack mobile\/web apps on AWS<\/td>\n<td>Strong tooling, auth, API, hosting integration<\/td>\n<td>AWS coupling; enterprise integration patterns vary<\/td>\n<td>You are standardized on AWS and want managed mobile backend patterns<\/td>\n<\/tr>\n<tr>\n<td><strong>Self-managed (Kubernetes + API gateway)<\/strong><\/td>\n<td>Maximum control and portability<\/td>\n<td>Full control, portability, custom security<\/td>\n<td>Higher ops burden, longer time-to-market<\/td>\n<td>You need custom requirements and can staff operations and security properly<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Field service mobile app for a manufacturing company<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Technicians need a mobile app to view work orders, update job status, and upload photos. Backend systems are a mix of on-prem SOAP services and a modern REST service.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Mobile app calls <strong>Mobile Hub<\/strong> APIs<\/li>\n<li>Mobile Hub custom API implements <code>\/workorders<\/code> endpoints<\/li>\n<li>Custom API calls:<ul>\n<li>an integration layer for SOAP-to-REST transformation<\/li>\n<li>a REST service for asset data<\/li>\n<\/ul>\n<\/li>\n<li>OAuth enforced for all endpoints; roles: <code>TECH<\/code>, <code>SUPERVISOR<\/code><\/li>\n<li><strong>Why Mobile Hub was chosen:<\/strong><\/li>\n<li>Centralized API security and backend patterns for multiple mobile apps<\/li>\n<li>Faster creation of a mobile-friendly API facade than building a bespoke platform<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Reduced time to deliver mobile MVP<\/li>\n<li>Consistent security enforcement<\/li>\n<li>Better operational visibility into API failures and latency (based on available logging)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: Retail loyalty app MVP<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Small team needs a loyalty app with a few endpoints (profile, points balance) and push notifications for promotions.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Mobile app calls Mobile Hub <code>\/profile<\/code> and <code>\/points<\/code> APIs<\/li>\n<li>Custom API connects to a small database\/service<\/li>\n<li>Push notifications configured using APNS\/FCM credentials<\/li>\n<li><strong>Why Mobile Hub was chosen:<\/strong><\/li>\n<li>Managed backend to avoid hiring dedicated backend ops early<\/li>\n<li>Built-in mobile backend concepts accelerate delivery<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>MVP shipped quickly with a secure API layer<\/li>\n<li>Ability to iterate API contracts while maintaining governance<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Is Oracle Cloud Mobile Hub the same as Oracle Mobile Cloud Service (MCS)?<\/strong><br\/>\n   They are closely related historically, and some documentation and concepts overlap. Naming and packaging have changed over time. <strong>Verify in official Oracle docs for your tenancy\/version<\/strong>.<\/p>\n<\/li>\n<li>\n<p><strong>Can I use Mobile Hub if my organization only uses OCI (not Classic)?<\/strong><br\/>\n   Not always. Mobile Hub availability can depend on tenancy type and entitlements. Check your Oracle Cloud service catalog and official docs.<\/p>\n<\/li>\n<li>\n<p><strong>What authentication does Mobile Hub use for APIs?<\/strong><br\/>\n   Commonly OAuth-based patterns with client credentials and\/or user tokens. Exact flows and endpoints vary\u2014confirm in your Mobile Hub console\/docs.<\/p>\n<\/li>\n<li>\n<p><strong>Do I need to put client secrets in my mobile app?<\/strong><br\/>\n   No. Mobile apps are not a safe place for secrets. Use user-based auth flows and backend token exchange patterns.<\/p>\n<\/li>\n<li>\n<p><strong>Can Mobile Hub connect to on-prem systems?<\/strong><br\/>\n   Often yes, through integration layers and network connectivity patterns (VPN\/private links\/proxies depending on what your environment supports). Validate connectivity options in your deployment.<\/p>\n<\/li>\n<li>\n<p><strong>Does Mobile Hub support OpenAPI\/Swagger?<\/strong><br\/>\n   Some releases emphasize RAML for custom API definitions. Support for OpenAPI depends on version\u2014<strong>verify in official docs<\/strong>.<\/p>\n<\/li>\n<li>\n<p><strong>How do I version APIs?<\/strong><br\/>\n   Usually by versioning the API project and\/or base path conventions (e.g., <code>\/v1<\/code>). The exact mechanism depends on the platform features.<\/p>\n<\/li>\n<li>\n<p><strong>Is push notification support included?<\/strong><br\/>\n   It may be included in some editions\/versions. Push always requires APNS\/FCM setup. Confirm availability in your console.<\/p>\n<\/li>\n<li>\n<p><strong>How do I monitor API health?<\/strong><br\/>\n   Use Mobile Hub logs\/diagnostics features where available, plus external monitoring if your environment supports exporting metrics\/logs.<\/p>\n<\/li>\n<li>\n<p><strong>Can I use Mobile Hub as an enterprise API gateway?<\/strong><br\/>\n   It can act as a mobile-focused API facade, but it may not replace a full API management platform. For enterprise-wide API management, evaluate Oracle\u2019s API management offerings and OCI services.<\/p>\n<\/li>\n<li>\n<p><strong>What\u2019s the best way to structure endpoints for mobile?<\/strong><br\/>\n   Use BFF patterns: endpoints aligned to screens\/workflows (e.g., <code>\/home<\/code>, <code>\/workorders\/summary<\/code>) rather than mirroring backend tables.<\/p>\n<\/li>\n<li>\n<p><strong>How do I handle offline support?<\/strong><br\/>\n   Mobile Hub may not provide full offline sync in all versions. Many teams implement offline in the app plus APIs supporting incremental sync (e.g., <code>updatedSince<\/code>).<\/p>\n<\/li>\n<li>\n<p><strong>How do I protect downstream services from overload?<\/strong><br\/>\n   Use throttling\/rate limiting where available, timeouts, circuit breakers, and caching.<\/p>\n<\/li>\n<li>\n<p><strong>Can I deploy custom code in Mobile Hub?<\/strong><br\/>\n   Many Mobile Hub environments support custom APIs with hosted code. Confirm supported runtimes, limits, and deployment workflow in your docs.<\/p>\n<\/li>\n<li>\n<p><strong>What should I use instead if Mobile Hub isn\u2019t available to me?<\/strong><br\/>\n   On Oracle Cloud, consider OCI API Gateway + OCI Functions (serverless) or OKE (Kubernetes), plus Oracle Integration for connectors\/workflows, depending on your needs.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Mobile Hub<\/h2>\n\n\n\n<p>Use official Oracle sources first, because Mobile Hub naming and packaging can vary by environment and version.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>Oracle Docs (Mobile Hub) \u2013 start from docs.oracle.com search results<\/td>\n<td>Canonical guidance for your version; explains console, APIs, security, and custom API development<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>Oracle Cloud Documentation main entry: https:\/\/docs.oracle.com\/en\/cloud\/<\/td>\n<td>Starting point to navigate to Mobile Hub and related services<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Oracle Cloud Pricing: https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<td>Official entry for pricing models and service catalog<\/td>\n<\/tr>\n<tr>\n<td>Official calculator<\/td>\n<td>Oracle Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<td>Helps estimate related OCI costs (egress, databases, etc.)<\/td>\n<\/tr>\n<tr>\n<td>Official price list<\/td>\n<td>Oracle Cloud Price List landing: https:\/\/www.oracle.com\/cloud\/price-list\/<\/td>\n<td>Links to official price lists (region\/contract dependent)<\/td>\n<\/tr>\n<tr>\n<td>Architecture references<\/td>\n<td>Oracle Architecture Center: https:\/\/docs.oracle.com\/en\/solutions\/<\/td>\n<td>Patterns for Oracle Cloud architectures that may complement Mobile Hub designs<\/td>\n<\/tr>\n<tr>\n<td>Tutorials\/labs<\/td>\n<td>Oracle Cloud tutorials index: https:\/\/docs.oracle.com\/en\/learn\/<\/td>\n<td>Official hands-on learning hub (availability of Mobile Hub labs varies)<\/td>\n<\/tr>\n<tr>\n<td>Videos<\/td>\n<td>Oracle Cloud YouTube channel: https:\/\/www.youtube.com\/@OracleCloudInfrastructure<\/td>\n<td>Official talks and demos (search within for Mobile Hub \/ MCS topics)<\/td>\n<\/tr>\n<tr>\n<td>Community<\/td>\n<td>Oracle Cloud Customer Connect: https:\/\/cloudcustomerconnect.oracle.com\/<\/td>\n<td>Discussions and Q&amp;A useful for practical pitfalls and updates<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<p>The following institutes are listed as training providers. Availability, course outlines, and delivery modes can change\u2014<strong>check the websites<\/strong> for current details.<\/p>\n\n\n\n<p>1) <strong>DevOpsSchool.com<\/strong><br\/>\n&#8211; <strong>Suitable audience:<\/strong> Cloud engineers, DevOps teams, developers, platform teams<br\/>\n&#8211; <strong>Likely learning focus:<\/strong> Cloud fundamentals, DevOps practices, CI\/CD, cloud operations (Mobile Hub may be covered as part of Oracle cloud app development tracks\u2014verify)<br\/>\n&#8211; <strong>Mode:<\/strong> Check website<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.devopsschool.com\/<\/p>\n\n\n\n<p>2) <strong>ScmGalaxy.com<\/strong><br\/>\n&#8211; <strong>Suitable audience:<\/strong> DevOps learners, build\/release engineers, beginners<br\/>\n&#8211; <strong>Likely learning focus:<\/strong> SCM, CI\/CD, DevOps tooling, cloud basics (verify Oracle Cloud coverage)<br\/>\n&#8211; <strong>Mode:<\/strong> Check website<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.scmgalaxy.com\/<\/p>\n\n\n\n<p>3) <strong>CLoudOpsNow.in<\/strong><br\/>\n&#8211; <strong>Suitable audience:<\/strong> Cloud operations, SRE\/ops teams, engineers moving into cloud<br\/>\n&#8211; <strong>Likely learning focus:<\/strong> Cloud ops practices, monitoring, reliability, cost awareness (verify Oracle Cloud modules)<br\/>\n&#8211; <strong>Mode:<\/strong> Check website<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.cloudopsnow.in\/<\/p>\n\n\n\n<p>4) <strong>SreSchool.com<\/strong><br\/>\n&#8211; <strong>Suitable audience:<\/strong> SREs, operations engineers, incident responders<br\/>\n&#8211; <strong>Likely learning focus:<\/strong> Reliability engineering, observability, incident management, production readiness (Mobile Hub relevance via operations patterns)<br\/>\n&#8211; <strong>Mode:<\/strong> Check website<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.sreschool.com\/<\/p>\n\n\n\n<p>5) <strong>AiOpsSchool.com<\/strong><br\/>\n&#8211; <strong>Suitable audience:<\/strong> Ops\/platform teams adopting AIOps concepts<br\/>\n&#8211; <strong>Likely learning focus:<\/strong> AIOps, monitoring automation, analytics-driven operations (verify Oracle tooling coverage)<br\/>\n&#8211; <strong>Mode:<\/strong> Check website<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.aiopsschool.com\/<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<p>These are listed as trainer-related sites\/platforms. Verify current offerings and profiles on each site.<\/p>\n\n\n\n<p>1) <strong>RajeshKumar.xyz<\/strong><br\/>\n&#8211; <strong>Likely specialization:<\/strong> DevOps\/cloud training and consulting content (verify specifics)<br\/>\n&#8211; <strong>Suitable audience:<\/strong> Engineers seeking hands-on guidance<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/rajeshkumar.xyz\/<\/p>\n\n\n\n<p>2) <strong>devopstrainer.in<\/strong><br\/>\n&#8211; <strong>Likely specialization:<\/strong> DevOps tooling and practices (verify Oracle Cloud topics)<br\/>\n&#8211; <strong>Suitable audience:<\/strong> Beginners to intermediate DevOps engineers<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.devopstrainer.in\/<\/p>\n\n\n\n<p>3) <strong>devopsfreelancer.com<\/strong><br\/>\n&#8211; <strong>Likely specialization:<\/strong> Freelancer platform for DevOps\/cloud help (verify service listings)<br\/>\n&#8211; <strong>Suitable audience:<\/strong> Teams needing short-term expert assistance<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.devopsfreelancer.com\/<\/p>\n\n\n\n<p>4) <strong>devopssupport.in<\/strong><br\/>\n&#8211; <strong>Likely specialization:<\/strong> Production support and DevOps assistance (verify scope)<br\/>\n&#8211; <strong>Suitable audience:<\/strong> Ops teams needing troubleshooting and enablement<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.devopssupport.in\/<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<p>Listed consulting companies (neutral descriptions; verify current services directly with each company):<\/p>\n\n\n\n<p>1) <strong>cotocus.com<\/strong><br\/>\n&#8211; <strong>Likely service area:<\/strong> Cloud and DevOps consulting (verify current Oracle Cloud offerings)<br\/>\n&#8211; <strong>Where they may help:<\/strong> Architecture planning, migrations, DevOps enablement, operational readiness<br\/>\n&#8211; <strong>Consulting use case examples:<\/strong><br\/>\n  &#8211; Designing a mobile API layer and deployment process<br\/>\n  &#8211; Setting up environment separation and release governance<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/cotocus.com\/<\/p>\n\n\n\n<p>2) <strong>DevOpsSchool.com<\/strong><br\/>\n&#8211; <strong>Likely service area:<\/strong> DevOps and cloud consulting\/training services (verify Oracle Cloud specialization)<br\/>\n&#8211; <strong>Where they may help:<\/strong> CI\/CD pipelines, platform engineering practices, cloud cost governance<br\/>\n&#8211; <strong>Consulting use case examples:<\/strong><br\/>\n  &#8211; Building a secure API deployment workflow for Mobile Hub custom APIs<br\/>\n  &#8211; Setting up logging\/monitoring standards and runbooks<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.devopsschool.com\/<\/p>\n\n\n\n<p>3) <strong>DEVOPSCONSULTING.IN<\/strong><br\/>\n&#8211; <strong>Likely service area:<\/strong> DevOps consulting and implementation services (verify portfolio)<br\/>\n&#8211; <strong>Where they may help:<\/strong> DevOps transformation, delivery automation, production support processes<br\/>\n&#8211; <strong>Consulting use case examples:<\/strong><br\/>\n  &#8211; Production readiness review for a Mobile Hub-backed mobile app<br\/>\n  &#8211; Incident response playbooks and operational KPIs<br\/>\n&#8211; <strong>Website URL:<\/strong> https:\/\/www.devopsconsulting.in\/<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Mobile Hub<\/h3>\n\n\n\n<p>To get real value from Mobile Hub, learn:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>REST fundamentals (HTTP verbs, status codes, headers)<\/li>\n<li>OAuth basics (client credentials vs authorization code, tokens)<\/li>\n<li>API design (versioning, pagination, error models)<\/li>\n<li>Basic networking (DNS, TLS, proxies)<\/li>\n<li>JSON and data modeling<\/li>\n<li>Secure coding practices<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Mobile Hub<\/h3>\n\n\n\n<p>To build production-grade systems around it:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Oracle Cloud identity and access patterns (IDCS\/OCI IAM as applicable)<\/li>\n<li>OCI networking (VCNs, private connectivity) for downstream services<\/li>\n<li>OCI-native API management patterns (API Gateway) if you need more control<\/li>\n<li>Observability and SRE practices (SLIs\/SLOs, alerting)<\/li>\n<li>CI\/CD for API projects and configuration management<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mobile backend engineer \/ API engineer<\/li>\n<li>Oracle Cloud application developer<\/li>\n<li>Solutions architect (mobile and integration)<\/li>\n<li>DevOps engineer \/ platform engineer<\/li>\n<li>Security engineer (API security, identity integration)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle certification programs change over time. For current Oracle Cloud certifications, start here and look for relevant tracks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/education.oracle.com\/<\/li>\n<\/ul>\n\n\n\n<p>Mobile Hub-specific certification may not exist; it may be covered within broader Oracle Cloud app development and integration learning paths. <strong>Verify current certification options<\/strong> on Oracle Education.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a \u201cmobile BFF\u201d API:<\/li>\n<li><code>\/home<\/code> endpoint aggregating three downstream calls<\/li>\n<li>Add authorization:<\/li>\n<li><code>\/admin\/*<\/code> endpoints restricted to an admin role<\/li>\n<li>Implement pagination and filtering:<\/li>\n<li><code>\/items?limit=20&amp;offset=0&amp;updatedSince=...<\/code><\/li>\n<li>Add structured error handling and correlation IDs<\/li>\n<li>Integrate with a database-backed service and implement caching rules<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>API (Application Programming Interface):<\/strong> A contract that allows one software component to call another, typically over HTTP in REST APIs.<\/li>\n<li><strong>MBaaS (Mobile Backend as a Service):<\/strong> A managed platform providing common backend features for mobile apps (auth, APIs, push, etc.).<\/li>\n<li><strong>Mobile Backend:<\/strong> A logical container representing a mobile app\u2019s backend configuration (APIs, security, environments).<\/li>\n<li><strong>OAuth 2.0:<\/strong> Authorization framework used to obtain access tokens for calling APIs.<\/li>\n<li><strong>Access Token:<\/strong> A token (often bearer token) presented to an API to prove authorization.<\/li>\n<li><strong>Client ID\/Secret:<\/strong> Credentials representing an application or client; secret must be protected.<\/li>\n<li><strong>BFF (Backend for Frontend):<\/strong> A backend layer designed specifically for a particular frontend (mobile app), optimizing payloads and workflows.<\/li>\n<li><strong>RAML:<\/strong> RESTful API Modeling Language, an API description format used in some Oracle mobile API tooling.<\/li>\n<li><strong>APNS\/FCM:<\/strong> Push notification services for Apple and Firebase\/Android ecosystems.<\/li>\n<li><strong>Least privilege:<\/strong> Security principle of granting only the permissions required to perform a task.<\/li>\n<li><strong>Egress:<\/strong> Outbound data transfer from the cloud to the internet or another region\/provider.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Mobile Hub<\/strong> is an <strong>Application Development<\/strong> service that provides a managed approach to building and operating mobile backends: secure APIs, mobile backend grouping, and (depending on your version\/edition) mobile-focused capabilities such as push notifications and diagnostics.<\/p>\n\n\n\n<p>It matters because mobile apps require a strong backend layer\u2014especially for <strong>security<\/strong>, <strong>governance<\/strong>, and <strong>integration<\/strong> with enterprise systems. Mobile Hub can accelerate delivery by standardizing these patterns in a managed service.<\/p>\n\n\n\n<p>Cost and operations depend heavily on your Oracle contract and environment. Plan for direct Mobile Hub subscription\/bundle costs (where applicable), and indirect costs such as <strong>outbound data transfer<\/strong>, downstream databases\/integration services, and logging retention.<\/p>\n\n\n\n<p>Use Mobile Hub when you have entitlement and want a managed mobile backend with centralized API security. If Mobile Hub isn\u2019t available or doesn\u2019t align with your platform direction, consider OCI-native alternatives like <strong>OCI API Gateway + OCI Functions<\/strong> and complementary integration services.<\/p>\n\n\n\n<p>Next step: complete the hands-on lab in this guide in your environment, then extend it by adding role-based authorization and an integration call to a real downstream REST service.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Application Development<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54,62],"tags":[],"class_list":["post-855","post","type-post","status-publish","format-standard","hentry","category-application-development","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=855"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/855\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=855"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=855"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}