# Authentication Mobile uses the same two authentication models as residential — pick whichever fits your runtime. The mechanics are identical; only the `type` segment in the username changes. ## Model A — User + password (default) ```bash curl -x http://helo_s1a2b3c4d5e-type-mob-region-us:PASSWORD@gate.helodata.io:7777 \ https://example.com ``` The password is the mobile sub-user password. Mobile and residential sub-users have independent passwords even if the names look similar. ## Model B — IP whitelist ```bash curl -x http://helo_s1a2b3c4d5e-type-mob-region-us@gate.helodata.io:7777 \ https://example.com ``` To register IPs: **Dashboard → Mobile → {Sub-user} → Whitelisted IPs**. Up to 50 IPv4 addresses or CIDR ranges per sub-user. Changes take effect within 60 seconds. > Note: residential and mobile maintain **separate whitelists**. Adding an IP to your residential sub-user does not authorize it for mobile. ## Mobile-specific: KYC gate Both models additionally require the **account** (not the sub-user) to have passed KYC. A pre-KYC request returns: ``` HTTP/1.1 403 Forbidden X-Helodata-Error-Code: kyc-required ``` See [ID verification (KYC)](/account-and-billing/kyc.md). ## Choosing between them The same trade-offs as residential — see [Residential authentication](/products/overview/authentication.md#choosing-between-them). The mobile-specific consideration: if your client is a mobile device or NAT egress that itself uses cellular/dynamic IPs, IP whitelisting is impractical; default to user+password. ## Rotating credentials To rotate a mobile sub-user password: 1. **Dashboard → Mobile → {Sub-user} → Reset password**. 2. Old password works for 60 seconds, then begins returning `407`. 3. Update your deployment. ## API Whitelisted IPs and sub-user credentials are managed via the [Whitelists API](/api-reference/whitelists.md) and [Sub-users API](/api-reference/sub-users.md). Scope the `product` parameter to `mobile`. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.helodata.com/products/overview-1/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.