Is it possible to restrict which channels or permissions an API key has?

Yes, this is possible.


However, before you consider setting up lots of keys with different permissions, or sharing private API keys with untrusted parties, we would recommend you instead consider using token authentication.  Please read more about when you should consider using token authentication vs basic API key authentication.


If you do want to restrict the channels or privileges / permissions an API key has, follow these steps:


1. Set up an API key


2. Configure the channel restrictions or permissions / privileges for that API key in the 'Settings' tab. See the screen shots below:

a) Add a new channel rule or edit an existing one

b) Then check the channel rules you want for that channel or channel namespace.


Note that:

  • The privileges available are described in more detail in our capability operations documentation
  • You can provide a comma separated list of resources (channels or queues) to restrict access for the key. Each resource can match a single channel, such as "channel-name", or match multiple channels using a wildcard, e.g. "namespace:*". Queues are prefixed with "[queue]", such as "[queue]queue-name", or "[queue]*" for all queues. Meta channels are prefixed with "[meta]", such as "[meta]meta-channel-name", or "[meta]*" for all meta channels. See our auth documentation for more information.
  • Configuring a single API key does not support permutations of privileges and channel restrictions such as publish on one channel, and subscribe on another.  If you need complex permission like this, we recommend you use token authentication.


Reach out on our support portal if you have any further questions and we will be happy to help.