On the front line

Security and compliance at Ably

As a provider of serious, serverless realtime messaging infrastructure, we bake security into everything we do. From network-level attack mitigation to individual message-level encryption, you never need to worry about security and compliance.

Safety in numbers: Encryption

  • 256-bit AES encryption available using your private key, meaning no one, even Ably, can read your messages without your private key.

  • All client-to-server communication is secured by TLS by default, ensuring server-to-server communication is always secure.

Constant vigilance: DoS protection

  • We can detect and deny invalid connection attempts at the edge of our network, ensuring our core infrastructure is unaffected.

  • Our near-limitless scale means we can mitigate huge increases in traffic and defend against DDoS attacks, so you benefit from our scale as attacks have no effect on your own servers.

  • Low TTLs on DNS routing mean we can route real users away from data centres under attack.

  • We rate limit requests by account, app, token, key and IP address.

Become the keymaster: Authentication

  • Token-based authentication, including JWT support, ensures API keys remain private, and compromised tokens have limited value because of their expiration.

  • Support for basic authentication over TLS connections for authentication convenience.

Always in control: Rights-based access

Rest assured: Compliance

Ably regularly completes audits of our product, infrastructure, and policies to the satisfaction of the SOC 2 Type 2 standard.

Ably offers HIPAA BAA agreements to companies in the healthcare industry that must comply with regulations for safeguarding.

EU GDPR-compliant

  • Any usage of personal data is communicated with the proper consent.

  • Personal data is properly collected, stored, and documented.

  • Relevant processes are followed for transfers of personal data outside the European Union.

  • For more information, see our data protection and privacy policies.

EU and US-only data storage options

  • Control routing of your data streams.

  • Store data and realtime messages solely within the EU or US.