Michael,

We do not support using the master secret within an app to connect to the backend database. On some platforms, its use may not be prevented or blocked from being used but it is certainly not recommended and we discourage its use. It is recommended not to use master credentials from within the app. Please check following link 

https://devcenter.kinvey.com/rest/guides/security#credentials

You mentioned that you deleted an entity from '.cache' datastore successfully. It is removed from cache but still present on the backend. Was your app offline? The Cache Store also stores pending write operations when the app is offline. However, the developer is required to push these pending operations to the backend when the network resumes. The push API should be used to accomplish this. Check https://devcenter.kinvey.com/nodejs/guides/datastore#push.

For a store of type Cache, data is written first to your local copy and sent immediately to be written to the backend. If the write to the backend fails (e.g. because of network connectivity), the library maintains information to recognize that this data needs to be sent to the backend when connectivity becomes available again. Due to platform limitations, this does not happen automatically, but needs to be initiated from the user by calling the push() or sync() methods. Check https://devcenter.kinvey.com/nodejs/guides/datastore#WritePolicy

Thanks,

Pranav