Private Topics

Secure your notifications with private topics - full access control for production systems and sensitive data.

Subscription Required

Private topics are available on ESSENTIALS plan and higher ($9/month). View Pricing →

What Are Private Topics?

Private topics provide true privacy and access control for your notifications. Unlike public topics where anyone can publish, private topics require authentication for both publishing and subscribing.

Key Features:

• 🔒 Authentication required - Only authorized users can publish or subscribe
• 🎟️ Access tokens - Fine-grained control over who can access your topic
• 👥 Team collaboration - Share private topics with team members (TEAM plan)
• 🔐 Token permissions - Separate read/write access levels
• ⏰ Token expiry - Set expiration dates for temporary access
• 🚫 Revocation - Instantly revoke access by deleting tokens

Public vs Private Topics

Feature	Public Topics	Private Topics
Who can publish	Anyone who knows the name ⚠️	Only owner + token holders 🔒
Who can subscribe	Anyone	Only owner + token holders 🔒
Access control	None (IP rate limiting only)	Full control via tokens ✅
Discoverable	Yes (optional)	No (always hidden)
Best for	Open communities, testing	Production, sensitive data
Plan requirement	FREE	ESSENTIALS+ ($9/mo)

Creating Private Topics

Via Web Dashboard

1. Navigate to Dashboard
2. Go to app.notifer.io

3. Click "+ New Topic"

4. Choose Privacy Level

5. Select "Private" option

6. Enter topic name and description

7. Create Topic

8. Click "Create Topic"

Plan Limits

• FREE: 0 private topics
• ESSENTIALS: 10 private topics
• TEAM: 50 private topics
• BUSINESS: Unlimited private topics

Access Control with Tokens

Private topics use access tokens for authentication. Each token can have different permissions:

Token Types

READ - Can subscribe and read messages only

curl -N https://app.notifer.io/private-topic/sse?token=tk_read_abc123

WRITE - Can publish messages only

curl -d "Deploy complete" \
  -H "X-Topic-Token: tk_write_xyz789" \
  https://app.notifer.io/private-topic

READ_WRITE - Can both publish and subscribe

curl -d "Message" \
  -H "X-Topic-Token: tk_full_def456" \
  https://app.notifer.io/private-topic

Creating Access Tokens

1. Navigate to Topic Settings
2. Open topic menu (three dots)

3. Click "Manage access tokens"

4. Create New Token

5. Click "Generate Token"
6. Enter token name (e.g., "CI/CD Pipeline")
7. Select access level (READ, WRITE, or READ_WRITE)

8. Optional: Set expiration date

9. Save Token

10. ⚠️ Copy the token immediately - it's shown only once!
11. Store securely (password manager, secrets vault)

Token Security

Access tokens are shown only once during creation. If you lose a token, you must delete it and create a new one.

Publishing to Private Topics

With Topic Access Token

curl -d "Production deployment started" \
  -H "X-Topic-Token: tk_your_token_here" \
  -H "X-Priority: 4" \
  https://app.notifer.io/prod-alerts

With JWT Authentication

# 1. Get JWT token (login)
TOKEN=$(curl -X POST https://app.notifer.io/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"user@example.com","password":"***"}' \
  | jq -r '.access_token')

# 2. Publish with JWT
curl -d "Message from owner" \
  -H "Authorization: Bearer $TOKEN" \
  https://app.notifer.io/my-private-topic

With API Key

curl -d "Automated message" \
  -H "X-API-Key: noti_your_api_key_here" \
  https://app.notifer.io/my-private-topic

Subscribing to Private Topics

Web Dashboard

1. Navigate to topic page
2. Click "Subscribe"
3. You're automatically subscribed (owner has full access)

Mobile App

1. Open mobile app
2. Search for your private topic
3. Subscribe (owner has automatic access)

SSE with Token

const token = 'tk_your_read_token';
const eventSource = new EventSource(
  `https://app.notifer.io/private-topic/sse?token=${token}`
);

eventSource.onmessage = (event) => {
  const message = JSON.parse(event.data);
  console.log(message);
};

Team Private Topics

On TEAM plan and higher, you can create private topics owned by a team:

Benefits: - All team members can publish and subscribe - Rate limits based on team owner's subscription - Shared management and access control - Survives when team members leave

Creating Team Private Topics:

1. Create topic and select "Private"
2. Under "Team (Optional)", select your team
3. All team members with appropriate roles can access

See Team Collaboration Guide for details.

Use Cases

Production Monitoring

# CI/CD pipeline
curl -d "Build #${BUILD_NUMBER} deployed to production" \
  -H "X-Topic-Token: ${PROD_DEPLOY_TOKEN}" \
  -H "X-Priority: 4" \
  https://app.notifer.io/prod-deployments

Secure Customer Alerts

# Order notifications (internal only)
curl -d "New order #12345 - $599.99" \
  -H "X-Topic-Token: ${ORDER_TOKEN}" \
  https://app.notifer.io/customer-orders

Sensitive System Alerts

# Database backup status
curl -d "Backup completed: 2.3GB, 00:23:45" \
  -H "X-Topic-Token: ${BACKUP_TOKEN}" \
  -H "X-Tags: backup,success" \
  https://app.notifer.io/db-backups

Best Practices

Token Management

✅ DO:

• Use descriptive token names ("Jenkins CI", "Monitoring Script")
• Set expiration dates for temporary access
• Use READ-only tokens when possible
• Store tokens in secure vaults (AWS Secrets Manager, 1Password)
• Rotate tokens periodically (every 90 days)
• Delete unused tokens immediately

❌ DON'T:

• Share tokens in code repositories
• Use same token across multiple systems
• Store tokens in plain text files
• Use overly permissive tokens (READ_WRITE when READ is enough)

Topic Naming

For private topics, you can use simple, descriptive names since they're not guessable:

✅ prod-alerts
✅ customer-orders
✅ db-backups
✅ team-notifications

No need for complex random strings like public topics!

Troubleshooting

"Private topic. Provide X-Topic-Token header"

Problem: Trying to publish/subscribe without authentication

Solution:

# Add token to request
curl -d "Message" \
  -H "X-Topic-Token: tk_your_token_here" \
  https://app.notifer.io/private-topic

"Invalid or expired topic access token"

Problem: Token is invalid, expired, or deleted

Solution:

1. Verify token is correct (copy/paste error?)
2. Check if token has expired
3. Ensure token hasn't been deleted
4. Create new token if needed

"Only the topic owner can create access tokens"

Problem: You're not the topic owner

Solution:

• Only topic owners can manage access tokens
• Ask the topic owner to share a token with you
• For team topics, you need owner or admin role

Migration from Public to Private

Cannot Convert Directly

You cannot convert a public topic to private (or vice versa). You must create a new private topic.

Migration steps:

1. Create new private topic with different name
2. Update integrations to use new topic + tokens
3. Test publishing and subscribing
4. Delete old public topic when ready

Related Documentation

• Topic Access Tokens - Detailed token documentation
• Creating Topics Guide - Complete topic creation guide
• Team Collaboration - Team private topics
• Publishing via HTTP - Authentication methods

---

Need Help?

• See FAQ for common questions
• Check Troubleshooting for problem solving
• Contact support: support@notifer.io