You can use either dynamic or static credentials in a Hybrid App screen flow.
See Security and System Administration for more detailed information about implementing security and certificates.
The user name and password values are required when the Hybrid App invokes a mobile business object operation. These authentication values can be provided statically (at design time), or dynamically (by the user at runtime). For requests sent by the client with a credential screen specified, requests are always invoked on the server using the credentials specified by the user, regardless of whether static or dynamic authentication is specified.
The choice of static versus dynamic authentication applies only to requests that must be executed on the server that do not have any credentials, or that do not have valid credentials. This happens when an object query needs to be run by a server-initiated notification, for example, or if the client provides incorrect credentials. In that scenario, the decision between static and dynamic becomes important. If static was chosen, it silently uses those hard-coded credentials. If dynamic was chosen, it sends a notification to the client and asks the user to supply the credentials.
For example, you might define a server-initiated Hybrid App with a credential screen and static authentication. When the notification first comes in, it runs an object query using the hard-coded credentials. This is then sent to the user, who opens the notification and then makes an online request. This online request, be it an operation or an object query, will be made using the credentials supplied by the user.
Dynamic credentials require the user to enter the user name and password on a screen that the credential request starting point references. Select Credential Cache User Name and Password to indicate the user name and password to be required on the client. When the user logs in, the credentials are authenticated using the stored credentials.
Static credentials mean that everyone who has access to the resource uses the same user name and password. By default, static credentials are used. The static credential user name and password for the Hybrid App can be extracted from the selected SAP Mobile Platform profile user name and password when the Hybrid App is generated, or they can be hard-coded using the Properties view. After deployment, you can change static credentials in SAP Control Center.
The application can also have a credential screen (Credential Request) that appears if the Hybrid App detects that the cached credentials are empty or incorrect.