3

I have a specific use case where I need to send account balances of users to their browser and/or mobile device. These balances are of course private but I need to send the balance updates to each connected user when the balance changes, however, I'm concerned about pushing out to 1000s of private channels all at once.

Is there any limitations between Pusher and PubNub for this kind of use case?

EDIT: I'm specifically looking at https://pusher.com/docs/server_api_guide/interact_rest_api#example-publish-an-event-on-multiple-channels/lang=cs and publishing to multiple channels at once. Would I be able to publish to 100,000 private channels potentially in a single batch?

Ryan
  • 4,354
  • 2
  • 42
  • 78

1 Answers1

0

PubNub Publishing Limits and Security with Realtime Account Balance Notifications

There is no hard limit for publishes per second per channel. PubNub reserves the right to change this limit. Contact support@pubnub.com to confirm your limit.

Publish Realtime Account Balances Securely

So you need to send realtime account balance information to many people securely. When you want to transmit a person's realtime account balance you will need a checklist of security considerations. Since you are transmitting the realtime account balance from a trusted code execution environment, you do not need to implement PKI (Public Key Infrastructure) security. However you do need session token security authorization, user authentication and dual layer encryption.

  1. Session Token Security: PubNub Access Manager will provide the mechanism to allow for Session based user level Access Management.

  2. User Authentication: You will need to authenticate a user by email/password. After successful authentication you will use a grant() API to issue a Session Token for usage with PubNub Access Manager. You will also generate a security string (random long unpredictable key) that will be used in item 3.

  3. Dual Layer Encryption: In addition to TLS, you will also use PubNub AES256 message encryption. You will provide a cipher_key on SDK initialization. In item 2 above, you will need to generate and send the cipher key in addition to the token session key to the user. Both the Cipher Key and Auth Key (token session key) should be long, random and unpredictable.

Good example of a Session Token Key (Auth Key) and a Cipher Key:

cHRiSEZPVkdnd1RqTktNVnB0YkdWS1UxSlRVbXNVMUpyV201U05XUlhSak

Note: The uuid (the user's id) should be treated the same as a cipher key and session token in regards to long and unpredictable.

User Initialization Example for Receiving Realtime Updates

Now you can security connect to PubNub using the following JavaScript example.

<!-- User Initialization Example -->
<script src="https://cdn.pubnub.com/pubnub-3.7.17.min.js"></script>
<script>(function(){

    // Init User Connection
    var pubnub = PUBNUB({
    ,   subscribe_key : 'sub-c-your-subscribe-key-here'
    ,   auth_key      : 'user-session-token-here'
    ,   cipher_key    : 'user-cipher-key-here'
    ,   uuid          : 'user-id-here'
    ,   ssl           : true
    });

    // Subscribe to a Private User Channel
    pubnub.subscribe({
        channel : 'user-private-channel-here'
    ,   message : function(message) { console.log(message) }
    });

})()</script>

Server Initialization Example for Sending Realtime Updates

Now for your server code in a trusted execution environment, you can publish a message to the end-user client.

// Server Initialization Example
var pubnub = PUBNUB({
    publish_key   : 'pub-c-your-publish-key-here'
,   subscribe_key : 'sub-c-your-subscribe-key-here'
,   secret_key    : 'sec-c-your-secret-key-here'
,   auth_key      : 'server-admin-session-token-here'
,   cipher_key    : 'destination-user-cipher-key-here'
,   uuid          : 'server-id-here'
,   ssl           : true
});

// Send Realtime Balance when User's Balance Changes
pubnub.publish({
    channel : 'destination-user-private-channel-here'
,   message : { "balance" : 10.00 }
});

Note: You must pre-grant access to the user's auth_key before they can subscribe to their user channel on the client device. The server must grant using the grant API.

// Send Realtime Balance when User's Balance Changes
pubnub.grant({
    channel  : 'destination-user-private-channel-here'
,   auth_key : 'user-session-token-here'
,   ttl      : 1440   // minutes of session time to live
,   read     : true   // user can read-only
,   write    : false  // user can't write
});

Following these guidelines above will allow you to provide modern security to delivering sensitive information to your end-users. Note that we did not cover PKI Public Key Infrastructure which you will need when publishing from untrusted code execution environments. However with your needs you will not need PKI because you are publishing from your server's trusted code.

Community
  • 1
  • 1
Stephen Blum
  • 6,498
  • 2
  • 34
  • 46
  • 1
    That's publishes per second, but what if I needed to publish one or two messages on 1 million channels all at once? – Ryan Nov 24 '15 at 14:57
  • Hi @Ryan yes good question. You can publish **one million messages per second per channel**. I updated my answer with the clarification. – Stephen Blum Nov 25 '15 at 01:12
  • Maybe I should have been more specific. Is there any API call limit when publishing one message to 1 million private channels? E.g. Could I pass 1 million private channels to the REST API endpoint? I assume I would need to chunk it? – Ryan Nov 25 '15 at 01:18
  • Ah! I see what you mean. PubNub offers [**Stream Controller**](https://www.pubnub.com/products/stream-controller/) service. You will use PubNub [Channel Groups](https://www.pubnub.com/docs/web-javascript/stream-controller) for this. Also you really should consider the broadcasting power of PubNub. You can broadcast 1 message to unlimited number of subscribers with 1 API call. – Stephen Blum Nov 25 '15 at 02:44
  • Yes but I cannot broadcast someone's real time account balance to a group of users :) this is why I need to send the balance information to many users but securely – Ryan Nov 25 '15 at 06:33
  • Excellent. I'll post a combination of tools you need to accomplish this in the answer listing above. – Stephen Blum Nov 25 '15 at 17:14
  • Woot! Updated this guide for you for **Security with Realtime Account Balance Notifications**. – Stephen Blum Nov 25 '15 at 18:08
  • So if I understand correctly, once I have security in place I need to still do `for (var i = 0; i < 1000000; i++) { // Send Realtime Balance when User's Balance Changes pubnub.publish({ channel : 'private-user-' + i // Send to each user. , message : { "balance" : 10.00 } }); }` That's 1 million HTTP calls which would take forever, is there a better option? – Ryan Nov 25 '15 at 20:01
  • Yes you can improve. **You should only publish if there is a change in the account balance.** You won't be changing 1 million account balances all at once right? You will always need to specify the user's channel and cipher for each secure publish. You also need to specify the `cipher_key` for each published message as well in your code example. – Stephen Blum Nov 25 '15 at 20:23
  • Yes it's most likely possible that 1 million people's balances could update all at once due to revenue sharing. What's the best approach? – Ryan Nov 25 '15 at 23:32
  • Use PubNub TCP Streaming to Post 1,000,000 updates in a flash. https://www.pubnub.com/community/discussion/10/how-to-rapidly-publish-messages-on-pubnub will show you how to publish rapidly. You can publish up to 10 messages in a single Ethernet Frame! That's REALLY FAST!!! :-) Wow wow. – Stephen Blum Nov 30 '15 at 21:56
  • PubNub, you have a type on the email – lxknvlk Dec 14 '15 at 17:03
  • @lxknvlk thank you! `+` fixed > **`support@pubnub.com`** – Stephen Blum Dec 14 '15 at 23:37
  • @PubNub is there a .NET example of doing the streaming? – Ryan Dec 22 '15 at 15:42
  • code demo not available. but it's easy. 1.) dns 2.) tcp connect 3.) stream away! – Stephen Blum Dec 23 '15 at 03:36