I'd like to allow untrusted clients to subscribe to MQTT and AMQP queues on ably.io.
Can I use one of the token authentication schemes described in https://www.ably.io/documentation/core-features/authentication#token-authentication somehow, or do I have to set up a separate API key for each client?
If the latter, can API keys be provisioned dynamically?
I went through the docs & help desk articles, but couldn't find anything regarding this combination. Is this just a missing feature or generally a bad idea on my part?
Thanks in advance
Short answer: Yes
Long answer: Token authentication can be used for authenticating all kinds of Ably clients. As an example, have a look at the MQTT docs on Ably's website and you'll find the authentication section that explains how to implement Token Auth with MQTT. As you just said, using Token Authentication is not only more secure but also gives you a way as an admin of the app to set up your own authentication server to carry out your custom authentication strategy.
Hope that helps!
P.S. I'm a Developer Advocate for Ably Realtime.