Secure Chat Using PubNub Access Manager

PubNub Staff on Oct 24, 2013

How to build a secure chat application using PubNub Access Manager for fine-grained, serverless control over chat users.

One of the fundamentals of building a successful application is having a great security model. Unfortunately, it is also one of the most difficult and most often overlooked parts of building a project. In building PubNub Access Manager, we aimed to create an easy-to-use yet powerful security model for real-time applications, like secure chat.

To test and demonstrate these capabilities, we developed a text-based chat application with a single channel for secure chat. The users of the page can change their security rights to chat by asking permission from an app server that grants and revokes access. It does this by communicating through an unrestricted PubNub channel.

You can see the finished product as a full working secure chat demo here. It was all built using JavaScript in the front end and JavaScript on NodeJS in the back end. If you open up the JavaScript console while using the application, you can see the access denied logs when you do not have access to the channel. This shows that every attempt to send a message goes to the server, and that access is not being decided by client-side validation rules.

Getting Started with Secure Chat

You’ll first need to sign up for a PubNub account. Once you sign up, you can get your unique PubNub keys in the PubNub Developer Portal.

To start, send a few messages before logging in to see that your access is denied. Then click “Login” and you will be given access for one minute to send messages to the channel. Open up the same page in a new window and you will see that none of your blocked messages make it to the other users, but when you have access they do.

The code to grant and revoke access to a channel is simple. First, you initialize PubNub on one of your app servers using the Secret Key for your account. This allows the server to modify the permissions for other users. The server then uses a command called “grant” to modify permissions. It can change read and write permissions separately, and it can provide a ttl that expires the permissions after a certain period of time.

This is a big step forward in securing real-time applications on the web. Typically a security model involves setting up a lot of core infrastructure that protects every access point of your application. With PubNub Access Manager, developers can let PubNub deal with the infrastructure of securing every user and just provide the rules of who can access what. This not only makes using PubNub as a security model easier to set up but also much more scalable than setting everything up without help.

PubNub Access Manager

PubNub Access Manager (PAM) was designed to get you up and running quickly without jumping through hoops such as creating large configuration files for roles and users. We’ve created a whitelist authentication system that allows you to lock down certain channels for users that need access to secure data. It does this by validating all messages on the edge of our data stream network, ensuring no unsecure data will ever be pushed into a channel that a user does not have access to.

One of the benefits of this is that rules are always dynamic and can be changed by the application developer. Not only can they be changed on the fly, but they can also be assigned on the key level, channel level, or specific client user level.

Once the server gets the message, it then gives the user access to the secure chat channel. It identifies users by a user-generated authorization key that is provided to the PubNub libraries. This works much like a unique user ID but one that can be shared across multiple users.
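
The grant, ttl and authorization-key behaviour described above can be modeled in a few lines. This is an added example, not PubNub SDK code or PubNub's implementation: `AccessTable`, its methods and `ttlMinutes` are hypothetical names, the ttl unit of minutes is an assumption of the model, and the channel and key values are constructed.

```javascript
// Simplified model of a grant table (added example, not PubNub code).
// AccessTable, grant, revoke, check and ttlMinutes are hypothetical names.
class AccessTable {
  constructor() {
    this.rules = new Map(); // "channel\0authKey" -> { read, write, expiresAt }
  }
  static key(channel, authKey) {
    return channel + "\u0000" + authKey;
  }
  // Server side: on the page, only the holder of the Secret Key may do this.
  grant({ channel, authKey, read = false, write = false, ttlMinutes }, now) {
    if (!Number.isFinite(ttlMinutes) || ttlMinutes <= 0) {
      throw new RangeError("ttlMinutes must be a positive number");
    }
    const expiresAt = now + ttlMinutes * 60000;
    this.rules.set(AccessTable.key(channel, authKey), { read, write, expiresAt });
  }
  revoke({ channel, authKey }) {
    this.rules.delete(AccessTable.key(channel, authKey));
  }
  // Edge check: deny unless an unexpired rule allows this exact operation.
  check({ channel, authKey, op }, now) {
    if (op !== "read" && op !== "write") return false;
    const k = AccessTable.key(channel, authKey);
    const rule = this.rules.get(k);
    if (!rule) return false;
    if (now >= rule.expiresAt) {
      this.rules.delete(k); // expired grants are dropped, not renewed
      return false;
    }
    return rule[op] === true;
  }
}

// Constructed walk-through of the demo's one-minute login (times in ms).
function demoRun() {
  const table = new AccessTable();
  const channel = "secure-chat";      // constructed channel name
  const authKey = "constructed-key";  // constructed auth key
  const send = (key, now) => table.check({ channel, authKey: key, op: "write" }, now);
  const out = { beforeLogin: send(authKey, 0) };
  table.grant({ channel, authKey, read: true, write: true, ttlMinutes: 1 }, 0);
  out.afterLogin = send(authKey, 30000);
  out.otherKey = send("other-key", 30000);
  out.afterTtl = send(authKey, 60000);
  return out;
}
```

In this model, any client presenting the same authorization key passes or fails the check together, which is the sharing behaviour the paragraph above describes.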

With PubNub Access Manager it’s just that easy to begin building truly secure real-time applications. Check out the resources below to learn more or head to the Developer’s Portal today to enable this new feature.


To read more about PubNub Access Manager, check out our documentation. Again, the full working PAM secure chat demo can be seen here. Additionally, the source code for the demo can be seen here.
