Mobile Settings Methods


Using the mobile settings methods of the Tableau REST API you can:

  • List the mobile security settings for a site or server.
  • Update the mobile security settings for a site or server.

About mobile device security settings

Available in API 3.18 (Tableau Cloud December 2022 / Server 2023.1) and later.

These settings include detecting the following conditions:

  • Jailbreak Detection - for Android and iOS devices.
  • Malware Detection - for Android devices.
  • Maximum offline time before security policy update - for Android and iOS devices.
    Available in API 3.19 (Tableau Cloud March 2023 / Server 2023.1) and later.
  • Screenshot protection - for Android devices.

In September 2025, Tableau Mobile will discontinue support for the malware detection setting. Any configuration of the malware detection setting on Tableau Cloud or Tableau Server will have no effect on the Tableau Mobile app. The malware detection setting will be removed from the Tableau Cloud settings page in September 2025 and from the Tableau Server settings page in Tableau Server version 2025.3.

Get Mobile Security Settings for Server

Gets the mobile security settings for the server.

Version: Available in API 3.19 (Tableau Cloud December 2022 / Server 2023.1) and later.. Version Overview

License: No additional license required.

Permissions: Only Tableau server and site administrators can get mobile security settings for the server.  Permissions Overview

JWT Access Scope: Not available.     Access Scopes Overview: Cloud(Link opens in a new window) | Server-Windows(Link opens in a new window) | Server-Linux(Link opens in a new window)

URI

GET /api/api-version/settings/mobilesecuritysettings

URI Parameter Values

api-version The version of the API to use, such as 3.26. For more information, see REST API and Resource Versions.

cURL Request Example

curl -L -X GET "https://qa-server.tsi.lan/api/3.18/settings/mobilesecuritysettings" -H "Accept: application/json" -H "X-Tableau-Auth: ejET2rVmS2e81XiZ9G4lzQ|Iz71DR2lu3r0zHpcOAH2OoRQZlPfxACC|a905dbfd-6550-4546-908b-3e055fcc026d" --data-raw ""

Response Code

200

Response Body

Copy 
<tsResponse>
    <mobileSecuritySettingsList>
        <mobileSecuritySettings name="mobile.security.jailbroken_device" enabled="true">
            <iosConfig severity="warn" enabled="false">
                <valueList>true</valueList>
            </iosConfig>
            <androidConfig severity="critical" enabled="false">
                <valueList>false</valueList>
            </androidConfig>
        </mobileSecuritySettings>
        <mobileSecuritySettings name="mobile.security.malware_detection" enabled="true">
            <iosConfig severity="warn" enabled="false">
                <valueList>true</valueList>
            </iosConfig>
            <androidConfig severity="warn" enabled="false">
                <valueList>true</valueList>
            </androidConfig>
        </mobileSecuritySettings>
        <mobileSecuritySettings name ="mobile.security.max_offline" enabled="true">
            <iosConfig enabled="true" severity="critical">
                <valueList>14</valuelist>
            </iosConfig>
            <androidConfig enabled="true" severity="critical">
                <valueList>14</valuelist>
            </androidConfig>
        </mobileSecuritySettings>
        <mobileSecuritySettings name="mobile.security.screenshot" enabled="false">
            <androidConfig severity="warn" enabled="false">
                <valueList>true</valueList>
            </androidConfig>
        </mobileSecuritySettings>
    </mobileSecuritySettingsList>
</tsResponse>

Errors

HTTP status error Code Condition Details
400 400000 Bad Request The request is incomplete is malformed.
400 400174 Mobile security settings error An uknown mobile security settings error has occured.
401 401002 Unauthorized Access The authentication token provided in the request header was invalid or has expired.
403 403004 Unauthorized Access The user does not have the required administrtor permissions.
403 403157 Forbidden Mobile security settings are not enabled on the server.

For more information, see Handling Errors.

Get Mobile Security Settings for Site

Gets the mobile security settings for the specified site.

Version: Available in API 3.18 (Tableau Cloud December 2022) and later. Not available for Tableau Server. Version Overview

License: No additional license required.

Permissions: Only Tableauserver and site administrators can get mobile security settings.  Permissions Overview

JWT Access Scope: Not available.     Access Scopes Overview: Cloud(Link opens in a new window) | Server-Windows(Link opens in a new window) | Server-Linux(Link opens in a new window)

URI

GET /api/api-version/sites/site-luid/settings/mobilesecuritysettings

URI Parameter Values

api-version The version of the API to use, such as 3.26. For more information, see REST API and Resource Versions.
site-luid The LUID for the site.

cURL Request Example

curl "http://MY-SERVER/api/3.26/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/datasources/1a1b1c1d-2e2f-2a2b-3c3d-3e3f4a4b4c4d/connections" -X GET -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"

Response Code

200

Response Body

Copy 
<tsResponse>
    <mobileSecuritySettingsList>
        <mobileSecuritySettings name="mobile.security.jailbroken_device" enabled="true">
            <iosConfig severity="warn" enabled="false">
                <valueList>true</valueList>
            </iosConfig>
            <androidConfig severity="critical" enabled="false">
                <valueList>false</valueList>
            </androidConfig>
        </mobileSecuritySettings>
        <mobileSecuritySettings name="mobile.security.malware_detection" enabled="true">
            <iosConfig severity="warn" enabled="false">
                <valueList>true</valueList>
            </iosConfig>
            <androidConfig severity="warn" enabled="false">
                <valueList>true</valueList>
            </androidConfig>
        </mobileSecuritySettings>
        <mobileSecuritySettings name ="mobile.security.max_offline" enabled="true">
            <iosConfig enabled="true" severity="critical">
                <valueList>14</valuelist>
            </iosConfig>
            <androidConfig enabled="true" severity="critical">
                <valueList>14</valuelist>
            </androidConfig>
        </mobileSecuritySettings>
        <mobileSecuritySettings name="mobile.security.screenshot" enabled="false">
            <androidConfig severity="warn" enabled="false">
                <valueList>true</valueList>
            </androidConfig>
        </mobileSecuritySettings>
    </mobileSecuritySettingsList>
</tsResponse>

Errors

HTTP status error Code Condition Details
400 400000 Bad Request The request is incomplete is malformed.
400 400174 Mobile security settings error An uknown mobile security settings error has occured.
401 401002 Unauthorized Access The authentication token provided in the request header was invalid or has expired.
403 403004 Unauthorized Access The user does not have the required administrtor permissions.
403 403157 Forbidden Mobile security settings are not enabled on the server.

For more information, see Handling Errors.

Update Mobile Security Settings for Site

Updates the mobile security sections for a specified site.

Version: Available in API 3.18 (Tableau Cloud December 2022) and later. Not available for Tableau Server. Version Overview

License: No additional license required.

Permissions: Only Tableau server administrators can update mobile security settings for the server.  Permissions Overview

JWT Access Scope: Not available.     Access Scopes Overview: Cloud(Link opens in a new window) | Server-Windows(Link opens in a new window) | Server-Linux(Link opens in a new window)

URI

PUT /api/api-version/settings/mobilesecuritysettings

URI Parameter Values

api-version The version of the API to use, such as 3.26. For more information, see REST API and Resource Versions.

Request Body

Copy 
{
    "mobileSecuritySettingsList": {
        "mobileSecuritySettings": [
            {
                "name": "mobile.security.jailbroken_device",
                "enabled": true,
                "iosConfig": {
                    "valueList": [
                        "true"
                    ],
                    "severity": "warn"
                },
                "androidConfig": {
                    "valueList": [
                        "false"
                    ],
                    "severity": "critical"
                }
            },
            {
                "name": "mobile.security.malware_detection",
                "enabled": true,
                "iosConfig": {
                    "valueList": [
                        "true"
                    ],
                    "enabled": true,
                    "severity": "warn"
                    },
                "androidConfig": {
                    "valueList": [
                        "true"
                    ],
                    "enabled": true,
                    "severity": "warn"
                }
            },
            {
                "name": "mobile.security.max_offline",
                "enabled": true
                "iosConfig": {
                    "valueList": [
                        "14"
                    ],
                    "enabled": true,
                    "severity": "critical"
                },
                "androidConfig": {
                    "valueList": [
                        "14"
                    ],
                    "enabled": true,
                    "severity": "critical"
                },
            },        
            {
                "name": "mobile.security.screenshot",
                "enabled": false,
                "androidConfig": {
                    "valueList": [
                        "true"
                    ],
                    "enabled": true,
                    "severity": "warn"
                }
            }
        ]
    }
}

Request Attributes

mobileSecuritySettings name

(Optional)Enum. The device condition addressed by a security setting element. Supported values are:

  • mobile.security.jailbreak_detection
  • mobile.security.malware_detection
  • mobile.security.max_offline
    Available in API 3.19 (Tableau Cloud March 2023 / Server 2023.1) and later.
  • mobile.security.screenshot
mobileSecuritySettings enabled (Optional) Boolean. If true, enables the Tableau mobile client to detect and respond to the condition described in the setting's name. The enabled attribute for the Android or iOS configuration element of the setting must also be true for detection on that type of device. If mobileSecuritySettings enabled = false, the Android and iOS configuration element attribute settings will be ignored.
mobileSecuritySettings androidConfig / iosConfig

(Optional)Element. Security settings specific to the platform of the mobile device hosting the Tableau client for the setting being configured. Required attributes of this element are:

  • valueList -

    In the case of mobile.security.max_offline String - whole number. The number of days a device can be offline without requiring a security policy refresh. Minimum value is 1, default value is 14.

    In other cases String - true or false. Determines if the condition of the setting is detected for the specified platform.

  • severity - Enum. Defines the response of the Tableau mobile client when the condition of the setting is detected.
  • enabled - String -true or false. On the device type being configured, if true, enables detection of the containing setting's security condition, as long as that setting's enabled attribute value is also true.

    Severity level can be set for jailbreak and malware detection settings. The levels and the actions the Tableau client will take are as follows:

    • Warn: If a detection occurs, show a dismissible blocking screen.
    • Error: If a detection occurs, show a blocking screen until the issue is resolved.
    • Critical: If a detection occurs, shows a blocking screen, log the user out, and close the session.

    If screenshot protection is enabled a severity level is required, but regardless of which level you select the behavior of the app will be: If a screenshot is attempted, show a temporary toast without blocking the app.

    Default settings for a Tableau Cloud site are:

    • Jailbreak detection enabled with critical severity.
    • Malware detection enabled with critical severity.
    • Maximum offline time for security policy update set at 14 days with critical severity.
    • Screenshot protection is enabled with warn level.

cURL Request Example

curl -L -X PUT "https://qa-server.tsi.lan/api/3.18/settings/mobilesecuritysettings" -H "Accept: application/json" -H "X-Tableau-Auth: ejET2rVmS2e81XiZ9G4lzQ|Iz71DR2lu3r0zHpcOAH2OoRQZlPfxACC|a905dbfd-6550-4546-908b-3e055fcc026d" --data-raw ""

Response Code

200

Response Body

Copy 
{
    "mobileSecuritySettingsList": {
        "mobileSecuritySettings": [
            {
                "name": "mobile.security.jailbroken_device",
                "enabled": true,
                "iosConfig": {
                    "valueList": [
                        "true"
                    ],
                    "severity": "warn"
                },
                "androidConfig": {
                    "valueList": [
                        "false"
                    ],
                    "severity": "critical"
                }
            },
            {
                "name": "mobile.security.malware_detection",
                "enabled": true,
                "iosConfig": {
                    "valueList": [
                        "true"
                    ],
                    "enabled": true,
                    "severity": "warn"
                    },
                "androidConfig": {
                    "valueList": [
                        "true"
                    ],
                    "enabled": true,
                    "severity": "warn"
                }
            },
            {
                "name": "mobile.security.max_offline",
                "enabled": true
                "iosConfig": {
                    "valueList": [
                        "14"
                    ],
                    "enabled": true,
                    "severity": "critical"
                },
                "androidConfig": {
                    "valueList": [
                        "14"
                    ],
                    "enabled": true,
                    "severity": "critical"
                },
            },        
            {
                "name": "mobile.security.screenshot",
                "enabled": false,
                "androidConfig": {
                    "valueList": [
                        "true"
                    ],
                    "enabled": true,
                    "severity": "warn"
                }
            }
        ]
    }
}

Errors

HTTP status error Code Condition Details
400 400000 Bad Request The content of the request body is missing, incomplete, or is malformed XML. Invalid values for enabled, iosConfig, androidConfig, severity, or enabled attributes are possible causes.
400 400174 Mobile security settings error An uknown mobile security settings error has occured.
401 401002 Unauthorized Access The authentication token provided in the request header was invalid or has expired.
403 403004 Unauthorized Access The user does not have the required administrtor permissions.
403 403157 Forbidden Mobile security settings are not enabled on the server.
409 409004 Invalid setting A mobile security setting enabled, name or other value is missing or malformed.

For more information, see Handling Errors.


Back to top