Basic Authentication - Ably Realtime

Basic authentication is the simplest way to authenticate with Ably. It requires passing an API key when instantiating an SDK.

How to use basic authentication

The following is an example of using basic authentication:

When to use basic authentication

Ably recommends that basic authentication is only used server-side because of the following potential issues:

The secret is passed directly by the client to Ably, so it is only permitted for connections that are over TLS, to prevent the key secret being intercepted.
All of the configured capabilities of the key are implicitly possible in any request, and clients that legitimately obtain this key may then abuse the rights for that key.
A client that authenticates using an API key can claim any client ID it chooses. Therefore this client ID cannot be trusted to represent the genuine identity of the client. Client IDs should be assigned by the server, once the client’s credentials have been authenticated.

Next steps

Learn about token authentication for client-side apps
Understand capabilities for access control
Explore identified clients

Authentication Overview

Token Authentication

⌘I

Learn more about Mintlify

Enter your email to receive updates about new features and product releases.

How to use basic authentication
When to use basic authentication
Next steps

Build docs developers (and LLMs) love

Get started for free Talk to us