-
Account billing and packages
-
General
-
Realtime API and client libraries
-
Troubleshooting
-
Channels
-
REST API and client libraries
-
Ably error codes
-
Account and app setup and configuration
-
Ably architecture, transports, and security
-
Performance and Redundancy
-
Push Notifications
-
Integrations
-
Migrating to Ably from an existing service
How can you restrict which channels a client can access?
Ably's authentication system allows a set of capabilities to be configured for the tokens that are issued to clients. Capabilities can also be set on API keys themselves, but that is rarely the right way to restrict what clients can access as tokens provide far more flexibility and are safer to distribute to clients.
In order to understand how capabilities can be used to secure your app and which channels a client can access, please see the following documentation and articles:
- A quick introduction to Ably's two authentication schemes - basic (using an API key) and token authentication
- Token authentication explained
- Capabilities explained which describes specifically how you can configure which channels a client can access and what operations they can perform on each channel.
- The Realtime library authentication documentation with an example of how a client can use token authentication