Access Control
Control who can publish and subscribe to topics with fine-grained access control lists (ACLs).
ACL Basics
Each topic can have separate permissions for publishing and subscribing. This allows you to create read-only channels, write-only endpoints, or fully open topics.
Permission Levels
Each actor's access to a topic is defined by one of these permission levels:
| Permission | Description |
|---|---|
subscribe | Can only subscribe to the topic (read-only) |
publish | Can only publish to the topic (write-only) |
pubSub | Can both publish and subscribe (full access) |
Configuring ACLs
ACLs are configured through the NoLag Dashboard or Portal, not programmatically via the SDK. The JS SDK does not include a topics management API.
// Access control is configured through the NoLag Dashboard or Portal,
// not programmatically via the JS SDK.
//
// The SDK does not expose a topics management API.
// To configure ACLs:
// 1. Go to the NoLag Dashboard
// 2. Navigate to your App > Topics
// 3. Set publish/subscribe permissions per topic
//
// When connecting via the SDK, permission is enforced automatically:
import { NoLag } from '@nolag/js-sdk'
const client = NoLag('your_access_token')
await client.connect()
const room = client.setApp('my-app').setRoom('general')
// This will only succeed if the actor has 'subscribe' or 'pubSub' permission
room.subscribe('announcements')
// This will only succeed if the actor has 'publish' or 'pubSub' permission
room.emit('chat', { text: 'Hello!' })Common Patterns
Broadcast Channel
Server actors publish announcements, clients subscribe to receive them:
- Server actors:
publish - Client actors:
subscribe
Chat Room
All participants can read and write messages:
- All actors:
pubSub
Private Notifications
Server sends notifications, user reads them:
- Server actors:
publish - User actor:
subscribe