Ably's authentication system allows a set of capabilities to be configured for the tokens that are issued to clients.  Capabilities can also be set on API keys themselves, but that is rarely the right way to restrict what clients can access as tokens provide far more flexibility and are safer to distribute to clients.


In order to understand how capabilities can be used to secure your app and which channels a client can access, please see the following documentation and articles: