Access control & data security
Control who can access resources in your chat app through authentication (identity verification) and authorization (permission management).
Required keyset configuration
User authentication
Authentication verifies user identity. The Chat SDK does not include built-in authentication. Implement your own system using:
- Username/password login
- Token-based authentication
- Single Sign-On (SSO)
- Two-factor authentication (2FA)
- OAuth or external identity providers
User authorization
Authorization controls what authenticated users can do. Use Access Manager to:
- Grant or deny access to channels and users
- Define permissions for reading, writing, and managing data
- Protect private channels and user metadata
For details on client-server-PubNub interactions, see the authorization workflow.
Enable Access Manager
Enable Access Manager on your keyset in the Admin Portal and initialize the Chat SDK with secretKey (server-side) or authToken (client-side).
Operations-to-permissions mapping
The access level you grant on a resource type determines which operations users can perform in your app. For example, granting a user write access on the channels resource type (for specific channels or for channel patterns) lets them send messages to those channels. Sending a message uses the Chat SDK's SendText() method, which calls the PubNub Pub/Sub API underneath.
Chat SDK method to required Access Manager permission mapping
For information about which Access Manager permissions each Chat SDK method requires, refer to Security and permissions.