Storage access for anonymous users


Is it possible to have users read public data from storage without having to log in to a session?

Our use case is users write data to storage and we would like to make that data available in real-time to users that are signed out or without an account. We know that we can do that with a custom RPC/HTTP request but that would involve polling.

Is there a way to get live notifications/messages for those writes much like a realtime DB would do? (e.g. Firebase).

@Leonidas This is an unusual use case. There’s an open feature request on the server to register unauthenticated RPCs from clients but I don’t think it would solve for your use case. You can follow the feature request here.

Can you provide more detail on your requirements? These unauthenticated users that you want to have open sockets to the server to “listen” for realtime events - what kind of messages would you want them to receive?

Thanks for your quick response. We are building a 3D real-time city builder running on a webpage. We are looking to have creators build their cities in real-time and anybody visiting their webpage can watch them (=watch their dataset getting updated that results in real-time changes on the rendered city). So for reading the city dataset we don’t want to enforce creating an account and signing in.

We can easily do this in a real-time DB like Firebase where you can subscribe to data model changes, but we very much like Nakama and we would love to keep a single networking layer for that.

@Leonidas I understand the use case now. I think the best solution for your requirements would be to do a device-based authentication with a generated ID for the user that navigates to the web page. Something like "spectator-${generatedGUID}" which you can easily clean up with a simple reaper operation against the database (we can help with how to do that).

This means that while it’s technically an authenticated user, you’ve used a prefix on the ID to know which ones can be cleaned up later. Then you can place these users onto a stream so that they’re subscribed to receive events sent to the stream by authenticated users (creators) who perform authoritative actions on the cities in realtime.

Nice! I think that can definitely work for us. We are going to explore the docs on how to build that, and if we move forward we will let you know about the cleanup DB operation.

Many thanks @novabyte.

In the docs it’s stated that we can pass an optional flag to avoid creating a user account. Wouldn’t that work even better in our case, to avoid any required cleanup?

You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.

You can indeed indicate to the server not to create accounts if they don’t already exist, but this won’t help you here - authentication would simply fail and return an error.

What you could do instead is have a set of hardcoded user account credentials embedded in the browser build. For example, authenticate with public-browser-viewer as a “device ID”; this would mean all otherwise unauthenticated browsers would sign in to a single account, receive a valid session token, and be allowed to connect a socket and receive realtime data updates.

Ideally you should take steps to ensure this account cannot do anything other than receive data over a stream or non-persistent in-app notifications, but it should do what you need.
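
One way to enforce the "receive only" restriction suggested above, for both the shared public-browser-viewer account and the earlier "spectator-" prefixed accounts, is a set of before-hooks in Nakama's JavaScript server runtime. This is an added example, not part of the thread or Nakama's own code; identifying spectators by username and the particular list of blocked realtime messages are assumptions.

```javascript
// Added example for Nakama's JavaScript server runtime; not code from the thread.
// Hooks are top-level named functions registered with literal message IDs.
var SPECTATOR_USERNAME = "public-browser-viewer"; // shared account named in the thread
var SPECTATOR_PREFIX = "spectator-";              // per-visitor prefix named in the thread

// Assumption: spectator sessions are recognisable by username, i.e. the shared
// account was created with that username and per-visitor accounts are created
// with their "spectator-<guid>" ID as the username too.
function isSpectator(ctx) {
  var name = (ctx && ctx.username) || "";
  return name === SPECTATOR_USERNAME || name.indexOf(SPECTATOR_PREFIX) === 0;
}

// Before-hook: reject the request for spectators, pass it through unchanged otherwise.
function denySpectatorWrites(ctx, logger, nk, payload) {
  if (isSpectator(ctx)) {
    logger.warn("blocked write attempt by spectator %s", ctx.userId);
    throw new Error("spectator accounts are read-only");
  }
  return payload;
}

function InitModule(ctx, logger, nk, initializer) {
  // API calls that mutate state.
  initializer.registerBeforeWriteStorageObjects(denySpectatorWrites);
  initializer.registerBeforeDeleteStorageObjects(denySpectatorWrites);
  initializer.registerBeforeUpdateAccount(denySpectatorWrites);
  // Socket messages a pure listener never needs to send (assumed list; extend
  // it with every message type the game does not expect from viewers).
  initializer.registerRtBefore("ChannelJoin", denySpectatorWrites);
  initializer.registerRtBefore("ChannelMessageSend", denySpectatorWrites);
  initializer.registerRtBefore("MatchCreate", denySpectatorWrites);
  initializer.registerRtBefore("MatchDataSend", denySpectatorWrites);
  initializer.registerRtBefore("StatusUpdate", denySpectatorWrites);
}
```

Any custom RPCs that change state need the same isSpectator check inside their handlers, since these hooks only cover the built-in calls registered here.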


Great, that would work as well. We are quite happy to see Nakama being so versatile.

Thank you for your prompt replies!