I noticed this before but was not sure what you were doing.
upsert to create an
Account. Whilst this is possible - its not how you should do it in a mobile app.
Based on your reply it sounds like you are hard coding the admin token into your app’s code. This is high unsafe and there is no reason to do this.
Hypi specifically provides the
createAccount function which should be used.
This function is handled specially and allows API requests without a token if this is enabled in the app instance settings.
Enable anonymous registrations by checking the option from your instance. This will allow you to call
createAccount without a token.
Once you’ve done this you can create any additional permissions or objects you need by calling the
login function to get a token for the new user.