ON THE FRONT LINE

Security and compliance at Ably

As a provider of serious, serverless realtime messaging infrastructure, security is baked into everything we do. From network-level attack mitigation to individual message-level encryption, you never need to worry about security and compliance.

SAFETY IN NUMBERS

Encryption

  • SSL/TLS encryption available for every customer.
  • 256-bit AES encryption available using your private key, meaning no one, even Ably, can read your messages without your private key.
  • All client-to-server communication is secured by SSL/TLS ensuring server-to-server communication is always secure.
Developer apis illustration

CONSTANT VIGILANCE

DoS protection

  • We can detect and deny invalid connection attempts at the edge of our network ensuring our core infrastructure is unaffected.
  • Our near-limitless scale means we can mitigate huge increases in traffic and defend against DDoS attacks - so you benefit from our scale as attacks have no effect on your own servers.
  • Low TTLs on DNS routing means we can route real users away from data centres under attack.
  • We rate limit requests by account, app, token, key and IP address.
Developer apis illustration

BECOME THE KEYMASTER

Authentication

  • Token-based authentication, including JWT support, ensures API keys remain private, and compromised tokens have limited value because of their expiration.
  • Support for basic authentication over SSL/TLS connections for authentication convenience.
Developer apis illustration

ALWAYS IN CONTROL

Privilege-based access

Developer apis illustration

REST ASSURED

Compliance




  • SOC 2 Type 2 logo

    SOC 2 Type 2

    Ably regularly completes audits of our product, infrastructure, and policies to the satisfaction of the SOC 2 Type 2 standard.

  • HIPAA logo

    HIPAA

    Ably offers HIPAA BAA agreements to companies in the healthcare industry that must comply with regulations for safeguarding.

gdpr logo

EU GDPR-compliant

  • Any usage of personal data is communicated with the proper consent.
  • Personal data is properly collected, stored, and documented.
  • Relevant processes are followed for transfers of personal data outside the European Union.
  • For more information, see our data protection and privacy policies.
flag EU + flag US

EU and US-only data storage

  • Control routing of your data streams.
  • Store data and realtime messages solely within the EU or US.
With approximately 290,000 passenger trips a day it is vital that Metra deliver real-time updates for train arrival information. With the tools made available by Ably, Metra is able to deliver real-time data to customers quickly, dependably, and cost effectively, which prove beneficial for both Metra and Metra passengers.

Cherie Kizer

CIO / Metra
Talk to our technical team

If you're having technical or account issues just get in touch.

Don’t want to chat? Get in touch via our contact page

Try our APIs for free

Our free plan includes

  • 6m messages per month
  • 200 peak connections
  • 200 peak channels
  • Loads of features
Start building