Access Control
Control who can publish and subscribe to topics with fine-grained access control lists (ACLs).
ACL Basics
Each topic can have separate permissions for publishing and subscribing. This allows you to create read-only channels, write-only endpoints, or fully open topics.
Permission Levels
| Level | Description |
|---|---|
| all | Anyone can access (including anonymous) |
| authenticated | Any authenticated actor |
| server | Only server-type actors |
| owner | Only the resource owner (for user-specific topics) |
| none | No one can access |
Configuring ACLs
```javascript
// Configure topic ACL via API
await nolag.topics.create({
  appId: 'app_xxx',
  name: 'announcements',
  acl: {
    publish: 'server', // Only servers can publish
    subscribe: 'all'   // Anyone can subscribe
  }
})

// User-specific topic
await nolag.topics.create({
  appId: 'app_xxx',
  name: 'user/*/private',
  acl: {
    publish: 'owner',  // Only the user can publish
    subscribe: 'owner' // Only the user can subscribe
  }
})
```
Common Patterns
Broadcast Channel
Server publishes, all clients subscribe:
- publish: server
- subscribe: all
Chat Room
All authenticated users can read and write:
- publish: authenticated
- subscribe: authenticated
Private Notifications
Only the user can access their notifications:
- publish: server
- subscribe: owner
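As an added example (not part of the nolag SDK or this documentation's own code), the sketch below reviews topic definitions shaped like the ones above before they are passed to `nolag.topics.create`, flagging levels outside the table and combinations that open a topic wider than the patterns intend. `auditTopicAcl`, `auditAll` and the sample topics are hypothetical, and it assumes a `*` segment in the topic name marks a user-specific topic, as in `user/*/private`.

```javascript
// Added example: offline review of topic ACL definitions (not nolag SDK code).
// The five levels come from the Permission Levels table above.
const LEVELS = new Set(['all', 'authenticated', 'server', 'owner', 'none']);

// Hypothetical helper: returns human-readable findings for one topic definition.
// Assumption: a '*' segment in the name marks a user-specific topic.
function auditTopicAcl(topic) {
  const findings = [];
  const acl = topic.acl || {};
  for (const op of ['publish', 'subscribe']) {
    if (acl[op] === undefined) {
      findings.push(`${topic.name}: ${op} level is not set explicitly`);
    } else if (!LEVELS.has(acl[op])) {
      findings.push(`${topic.name}: ${op} has unknown level '${acl[op]}'`);
    }
  }
  const perUser = topic.name.split('/').includes('*');
  if (acl.publish === 'all') {
    findings.push(`${topic.name}: anonymous actors can publish`);
  }
  if (perUser && ['all', 'authenticated'].includes(acl.subscribe)) {
    findings.push(`${topic.name}: user-specific topic open to non-owner subscribers`);
  }
  if (!perUser && [acl.publish, acl.subscribe].includes('owner')) {
    findings.push(`${topic.name}: 'owner' used on a topic with no user segment`);
  }
  return findings;
}

// Constructed sample definitions; the first two are the ones from this page.
const sampleTopics = [
  { name: 'announcements', acl: { publish: 'server', subscribe: 'all' } },
  { name: 'user/*/private', acl: { publish: 'owner', subscribe: 'owner' } },
  { name: 'chat/lobby', acl: { publish: 'all', subscribe: 'authenticated' } },
  { name: 'user/*/inbox', acl: { publish: 'server', subscribe: 'authenticated' } },
  { name: 'metrics', acl: { publish: 'servers' } },
  { name: 'status', acl: { publish: 'owner', subscribe: 'all' } },
];

// Collects the findings for a whole list of topic definitions.
function auditAll(topics) {
  return topics.flatMap(auditTopicAcl);
}

for (const finding of auditAll(sampleTopics)) console.log(finding);
```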