SAFETY IN NUMBERS
Encryption
- SSL/TLS encryption available for every customer.
- 256-bit AES encryption available using your private key, meaning no one, even Ably, can read your messages without your private key.
- All client-to-server communication is secured by SSL/TLS ensuring server-to-server communication is always secure.

CONSTANT VIGILANCE
DoS protection
- We can detect and deny invalid connection attempts at the edge of our network ensuring our core infrastructure is unaffected.
- Our near-limitless scale means we can mitigate huge increases in traffic and defend against DDoS attacks - so you benefit from our scale as attacks have no effect on your own servers.
- Low TTLs on DNS routing means we can route real users away from data centres under attack.
- We rate limit requests by account, app, token, key and IP address.

BECOME THE KEYMASTER
Authentication
- Token-based authentication, including JWT support, ensures API keys remain private, and compromised tokens have limited value because of their expiration.
- Support for basic authentication over SSL/TLS connections for authentication convenience.

ALWAYS IN CONTROL
Privilege-based access
- Security policies can be assigned to authentication tokens when you create them, giving you control and peace of mind at all times.
- Privileges can be assigned to API key(s) giving you control over any API key(s) you share with 3rd parties.
- Policies can assign privileges to access any number of channels, and assign rights to subscribe, publish, register presence, or access statistics.

REST ASSURED
Compliance
-
SOC 2 Type 2
Ably regularly completes audits of our product, infrastructure, and policies to the satisfaction of the SOC 2 Type 2 standard.
-
HIPAA
Ably offers HIPAA BAA agreements to companies in the healthcare industry that must comply with regulations for safeguarding.
EU GDPR-compliant
- Any usage of personal data is communicated with the proper consent.
- Personal data is properly collected, stored, and documented.
- Relevant processes are followed for transfers of personal data outside the European Union.
- For more information, see our data protection and privacy policies.


EU and US-only data storage
- Control routing of your data streams.
- Store data and realtime messages solely within the EU or US.

With approximately 290,000 passenger trips a day it is vital that Metra deliver real-time updates for train arrival information. With the tools made available by Ably, Metra is able to deliver real-time data to customers quickly, dependably, and cost effectively, which prove beneficial for both Metra and Metra passengers.
CIO
/ Metra