Authenticated and identified clients

The following terminology will help you to understand what authentication, authorisation and identification is in the context of the Ably service.


The process of deciding, based on the presented credentials, whether or not an entity may interact with the Ably service. The credentials may be presented explicitly using Basic Authentication or Token Authentication, or in some cases the entity authenticating may prove possession of the credentials with a signed Token Request that is subsequently used to generate a valid token to be used for Token Authentication.  When authenticating with Ably, the credentials are either an API key or an auth token.

Authenticated client

A client of the Ably service that has been successfully authenticated.


The process of deciding whether or not a given entity (usually authenticated) is allowed to perform a given operation. In Ably, authorisation for most operations is based on the Capabilities associated with the key or token that was used to authenticate a client.  Find out how to configure capabilities.

Identified client

An authenticated client with a specific claimed client identity, or clientId, whose credentials are verified as confirming that identity. See our documentation on identified clients.

Tip: Channels can be configured to only allow identified users. Find out more about channel rules.