Socketize will be shutting down soon. We are not accepting new registrations. Sorry about this.

Security

First of all every Socketize request is SSL encrypted. Now carry on...

By default no one can write to Socketize database without authentication. Though you can overcome it if you wish.

Every authenticated user has a role assigned and each role has a set of permissions which you can modify.

Go to Dashboard > Role to manage each role. When you click Manage, you'll see a list of permissions. To understand these permissions you'll have to understand scopes first.

Scopes

Socketize has 3 scopes, User, Public and Global.

User

User scope is the default scope, by default a user can only write in his own scope. For example, when socketize.set('name', 'Foo') is called from JavaScript the name will be set for the currently authenticated user only.

Public

This scope data can be read by anyone even without authentication, say public blog post should be saved here. Writing in to this scope is possible only if the role permits so. A Socketize admin can change roles or permissions. This is how you read and write to public scope

socketize.get('public/name').then(function(response) {
    alert('Name is ' + response.message);
});

socketize.set('public/name', 'Foo');

Global

This scope is the root scope. It's the parent of every scope. When you login with user who's role has a Global Read/Write permissions then you can write to any user's scope, public scope or in a custom scope.

// User id is 7h6tf, so you can read the name of user 7h6tf.
socketize.get('global/7h6tf:name').then(function(response) {
    alert('Name is ' + response.message);
});

// Write
socketize.set('global/private_data/name', 'Foo');

Permissions

Every authenticated user has a role assigned and each role has a set of permissions which you can modify.

Go to Dashboard > Role to manage each role. When you click Manage, you'll see a list of permissions. Here is what each means:

Can Publish Data to Any Channel

Socketize has real time PubSub feature where you can subscribe to a channel and specify action to take when something is published to this channel.

Subscribing to a channel doesn't require any permission but only roles with this permission to publish to a channel.

Can Read Data of Any User

It's the Global Read permission, user having this permission can read data of any other user.

Can Write Data for Any User

The Global Write permission, user having this permission can write data to any user's scope.

Can Write Publicly Readable Data

Users having this permission can write to the publc scope.

Default Permissions