How to hide pubnub keys when using JS

I opened a ticket at pubnub and also read: https://help.pubnub.com/entries/22251291-Can-I-Hide-my-Application-Keys-

But I still do not understand how I can stop the user from viewing my keys, since he is still on the client side even after obfuscation.

What I want to do is what I read in this post: PubNub post a message between two private channels

  • Create a public channel and a private channel for each user.
  • Hide user keys

I am not sure how to create a private channel with custom keys that the user cannot see.


EDIT: I was able to understand the auth_key flow, but could not find the PHP equivalent of the JS crypto lib used to grant permission. Any idea how to implement it in PHP?

+2
2 answers

Hiding your API keys with PubNub JS SDK

With PubNub Access Manager, you no longer have to worry about hiding your publish_key and subscribe_key in your JavaScript source code or any other language! Typically you would think of hiding your keys as the means of preventing access to the data streams on your PubNub channels. However, this is not necessary; instead there is a best-practice method. Below is your solution: a new way to control access and a new way to manage your keys.

PubNub Access Manager JS / PHP Example Grant Revoke SDK

You can grant() and revoke() access for each user in real time on the PubNub global real-time network. PubNub provides various security levels using the grant / revoke (whitelist) permission scheme, where the first grant found in the hierarchy provides read / write access. Permissions are evaluated for both publish and subscribe based on this hierarchy. Our pam.php PubNub Access Manager PHP class is finally ready to go! You can start by looking at the example usage code below, with full SDK code coverage. You can find all the source code through the GitHub Gist link:

PubNub Access Manager (PAM) A complete PHP library for granting and revoking access

Enable PAM and initialize class access

    require('pam.php');
    $manager = new access(
        "pub-c-e132b7b4-0c2c-4d36-a828-1de1ea50d167",
        "sub-c-f95db694-6ff9-11e3-9291-02ee2ddab7fe",
        "sec-c-OWFkNWQ1NDctN2JiNy00NzJmLTk3Y2ItN2ExODZlYzkyNzY0"
    );

Grant user access

Grant the user with authkey gZW5jb2RlZCBmaWx read and write access with a ttl of 5 minutes. You can make authkey whatever you want!

    print_r($manager->grant(
        "my_channel",        // CHANNEL
        "gZW5jb2RlZCBmaWx",  // STRING (AUTH KEY)
        true,                // READ
        true,                // WRITE
        5                    // TTL in MINUTES
    ));

Provide access to user presence

Also provide access to the presence channel (required for PubNub Dev Console).

    print_r($manager->grant(
        "my_channel-pnpres", // CHANNEL
        "gZW5jb2RlZCBmaWx",  // STRING (AUTH KEY)
        true,                // READ
        true,                // WRITE
        5                    // TTL in MINUTES
    ));

Provide global access (for all users)

Exclude authkey and you can give global access to all.

    print_r($manager->grant_global(
        "my_channel",        // CHANNEL
        true,                // READ
        true,                // WRITE
        5                    // TTL in MINUTES
    ));

Forever access grants

You can grant access forever by setting the ttl parameter to 0 .

    print_r($manager->grant_global(
        "my_channel",        // CHANNEL
        true,                // READ
        true,                // WRITE
        0                    // FOREVER GRANT!!!
    ));

Revoke user access

Revoke user access immediately.

    print_r($manager->revoke(
        "some-other-channel", // CHANNEL
        "gZW5jb2RlZCBmaWx"    // STRING (AUTH KEY)
    ));

Revoke global access

You can also revoke global access by excluding the authkey parameter.

    print_r($manager->revoke(
        "some-other-channel"  // CHANNEL
    ));

PAM (PubNub Access Manager) PHP Class SDK pam.php

The full file can be found here: PubNub Access Manager (PAM) A complete PHP library for granting and revoking access

    <?php
    class access {
        public $publish_key;
        public $subscribe_key;
        public $secret_key;   // server side only; never send this to the browser

        function __construct( $pubkey, $subkey, $seckey ) {
            $this->publish_key   = $pubkey;
            $this->subscribe_key = $subkey;
            $this->secret_key    = $seckey;
        }

        function grant_global( $channel, $read=True, $write=True, $ttl=5 ) {
            /** Grant GLOBAL Access on a Channel (no auth key). **/
            return $this->_auth(array(
                "channel" => $channel,
                "r"       => $read  ? 1 : 0,
                "w"       => $write ? 1 : 0,
                "ttl"     => $ttl
            ));
        }

        function grant( $channel, $authkey=False, $read=True, $write=True, $ttl=5 ) {
            /** Grant Access on a Channel for one auth key. **/
            return $this->_auth(array(
                "channel" => $channel,
                "auth"    => $authkey,
                "r"       => $read  ? 1 : 0,
                "w"       => $write ? 1 : 0,
                "ttl"     => $ttl
            ));
        }

        function revoke( $channel, $authkey=False, $read=False, $write=False, $ttl=1 ) {
            /** Revoke Access on a Channel (a grant with read and write turned off). **/
            return $this->_auth(array(
                "channel" => $channel,
                "auth"    => $authkey,
                "r"       => $read  ? 1 : 0,
                "w"       => $write ? 1 : 0,
                "ttl"     => $ttl
            ));
        }

        function _sign($message) {
            /** Calculate a signature by secret key and message:
                HMAC-SHA256, base64, with the URL-safe alphabet. **/
            return strtr(
                base64_encode(hash_hmac(
                    'sha256',
                    utf8_encode($message),
                    utf8_encode($this->secret_key),
                    true
                )),
                '+/', '-_'
            );
        }

        function _auth($query) {
            /** Issue an authenticated request to the PAM grant endpoint. **/
            if (!array_key_exists( 'timestamp', $query )) {
                $query['timestamp'] = time();
            }

            ## Global Grant? (empty auth key => drop the "auth" parameter)
            if ((array_key_exists('auth',$query)) && !$query['auth']) {
                unset($query['auth']);
            }

            ## Construct String to Sign (parameters in sorted key order;
            ## values are assumed to be URL-safe, they are not encoded)
            $params = array();
            $sorted_keys = array_keys($query);
            sort($sorted_keys);
            foreach ($sorted_keys as $key)
                array_push( $params, $key . "=" . $query[$key] );

            $string_to_sign = $this->subscribe_key . "\n"
                            . $this->publish_key   . "\n"
                            . "grant"              . "\n"
                            . implode( "&", $params );

            $signature = $this->_sign($string_to_sign);

            $url = (
                "https://pubsub.pubnub.com/v1/auth/grant/sub-key/"
                . $this->subscribe_key
                . "?" . implode( "&", $params )
                . "&signature=" . $signature
            );

            $workspace_curl = curl_init();
            curl_setopt( $workspace_curl, CURLOPT_RETURNTRANSFER, 1 );
            curl_setopt( $workspace_curl, CURLOPT_URL, $url );
            $result = curl_exec($workspace_curl);
            curl_close($workspace_curl);

            return json_decode( $result, true );
        }
    }
    ?>

pam.php : PubNub Access Manager (PAM) A complete PHP library for granting and revoking access

Link to PubNub Dev test console:

WARNING: The PubNub Dev Console requires a grant on your presence channel! You can grant access to presence by using the channel name with the -pnpres suffix.

http://www.pubnub.com/console/?channel=my_channel&sub=sub-c-f95db694-6ff9-11e3-9291-02ee2ddab7fe&pub=pub-c-e132b7b4-0c2c-4d36-a828-1de1ea50d167&sec=sec-c-OWFkNWQ1NDctN2JiNy00NzJmLTk3Y2ItN2ExODZlYzkyNzY0

+3
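The signing scheme that pam.php implements, as an added example in Python that is not part of the original answer or of PubNub's SDK: it builds the same canonical string (subscribe key, publish key, the literal "grant", then the query parameters in sorted key order), signs it with HMAC-SHA256 using the secret key, and shows what the browser is handed (publish/subscribe keys plus the user's auth_key, never the secret key). The key values and the function names are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time

# Constructed placeholder keys (not real PubNub keys).
SUB_KEY = "sub-c-EXAMPLE"
PUB_KEY = "pub-c-EXAMPLE"
SECRET_KEY = "sec-c-EXAMPLE"  # stays on the server; it is only used to sign grants
GRANT_URL = "https://pubsub.pubnub.com/v1/auth/grant/sub-key/"


def canonical_params(query):
    """Query parameters joined in sorted key order, values unencoded as in pam.php."""
    return "&".join(f"{k}={query[k]}" for k in sorted(query))


def string_to_sign(sub_key, pub_key, query):
    """Canonical string for the PAM v1 grant endpoint, as pam.php builds it."""
    return f"{sub_key}\n{pub_key}\ngrant\n{canonical_params(query)}"


def sign(secret_key, message):
    """HMAC-SHA256 over the canonical string, base64 with the URL-safe alphabet."""
    digest = hmac.new(secret_key.encode(), message.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()


def grant_request(sub_key, pub_key, secret_key, channel, auth_key=None,
                  read=True, write=True, ttl=5, timestamp=None):
    """Build the signed grant URL; auth_key=None is a global grant (no 'auth' param).
    ttl=0 is a forever grant; read=write=False is how pam.php revokes."""
    query = {"channel": channel, "r": int(read), "w": int(write), "ttl": ttl,
             "timestamp": timestamp if timestamp is not None else int(time.time())}
    if auth_key:
        query["auth"] = auth_key
    message = string_to_sign(sub_key, pub_key, query)
    signature = sign(secret_key, message)
    url = f"{GRANT_URL}{sub_key}?{canonical_params(query)}&signature={signature}"
    return {"url": url, "string_to_sign": message, "signature": signature}


def client_init_config(auth_key):
    """What the browser may see: publish/subscribe keys plus this user's auth_key.
    The secret key is deliberately absent from the client configuration."""
    return {"publish_key": PUB_KEY, "subscribe_key": SUB_KEY, "auth_key": auth_key}
```

The server would issue the request in `grant_request` (for example with `urllib.request`) before returning `client_init_config` to the page; the TTL bounds how long a leaked auth_key is useful.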

You cannot hide keys that are passed to the client and are available in JavaScript.

However, you can restrict who can read and write to channels using auth_key along with your publish and subscribe keys. PubNub recently released PubNub Access Manager to enable this. auth_key will be specific to each user.

  • A user's auth_key will allow that user to read and write to their own private channel. You will need to set permissions so that no one else can read or write to this channel.
  • A user's auth_key grants them read and write access to their own channel. Others can read, but cannot write to this channel.

Details on how to do this should probably be asked in another question. The PAM Getting Started Guide should be the best place to start.

+6

Source: https://habr.com/ru/post/1237540/
