diff --git a/CHANGES.md b/CHANGES.md
index 4ef5162e..c25ca9d5 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,7 @@
+# 4.9.0
+
+* Adds the `publisheronly` role for client token creation. See [#272](https://github.com/opentok/OpenTok-Ruby-SDK/pull/272)
+
 # 4.8.1
 
 * Fixes a bug with the `Archives#create` method. See [#269](https://github.com/opentok/OpenTok-Ruby-SDK/pull/269) and [#270](https://github.com/opentok/OpenTok-Ruby-SDK/pull/270)
diff --git a/lib/opentok/constants.rb b/lib/opentok/constants.rb
index 7569f815..5773fa17 100644
--- a/lib/opentok/constants.rb
+++ b/lib/opentok/constants.rb
@@ -2,7 +2,7 @@ module OpenTok
   require "set"
   API_URL = "https://api.opentok.com"
   TOKEN_SENTINEL = "T1=="
-  ROLES = { subscriber: "subscriber", publisher: "publisher", moderator: "moderator" }
+  ROLES = { subscriber: "subscriber", publisher: "publisher", moderator: "moderator", publisheronly: "publisheronly" }
   ARCHIVE_MODES = ::Set.new([:manual, :always])
   AUTH_EXPIRE = 300
 end
diff --git a/lib/opentok/version.rb b/lib/opentok/version.rb
index a6adfcf5..fcbe1618 100644
--- a/lib/opentok/version.rb
+++ b/lib/opentok/version.rb
@@ -1,4 +1,4 @@
 module OpenTok
   # @private
-  VERSION = '4.8.1'
+  VERSION = '4.9.0'
 end
diff --git a/spec/shared/opentok_generates_tokens.rb b/spec/shared/opentok_generates_tokens.rb
index 6788506f..a96185bc 100644
--- a/spec/shared/opentok_generates_tokens.rb
+++ b/spec/shared/opentok_generates_tokens.rb
@@ -50,7 +50,29 @@
       expect(expiring_token).to carry_valid_token_signature api_secret
     end
 
-    it "generates tokens with a role" do
+    it "generates tokens with a publisher role" do
+      role = :publisher
+      role_token = opentok.generate_token session_id, :role => role
+      expect(role_token).to be_an_instance_of String
+      expect(role_token).to carry_token_data :session_id => session_id
+      expect(role_token).to carry_token_data :api_key => api_key
+      expect(role_token).to carry_token_data :role => role
+      expect(role_token).to carry_token_data [:nonce, :create_time]
+      expect(role_token).to carry_valid_token_signature api_secret
+    end
+
+    it "generates tokens with a subscriber role" do
+      role = :subscriber
+      role_token = opentok.generate_token session_id, :role => role
+      expect(role_token).to be_an_instance_of String
+      expect(role_token).to carry_token_data :session_id => session_id
+      expect(role_token).to carry_token_data :api_key => api_key
+      expect(role_token).to carry_token_data :role => role
+      expect(role_token).to carry_token_data [:nonce, :create_time]
+      expect(role_token).to carry_valid_token_signature api_secret
+    end
+
+    it "generates tokens with a moderator role" do
       role = :moderator
       role_token = opentok.generate_token session_id, :role => role
       expect(role_token).to be_an_instance_of String
@@ -61,6 +83,17 @@
       expect(role_token).to carry_valid_token_signature api_secret
     end
 
+    it "generates tokens with a publisheronly role" do
+      role = :publisheronly
+      role_token = opentok.generate_token session_id, :role => role
+      expect(role_token).to be_an_instance_of String
+      expect(role_token).to carry_token_data :session_id => session_id
+      expect(role_token).to carry_token_data :api_key => api_key
+      expect(role_token).to carry_token_data :role => role
+      expect(role_token).to carry_token_data [:nonce, :create_time]
+      expect(role_token).to carry_valid_token_signature api_secret
+    end
+
     it "generates tokens with data" do
       data = "name=Johnny"
       data_bearing_token = opentok.generate_token session_id, :data => data
@@ -97,6 +130,11 @@
       expect(layout_class_bearing_token).to carry_valid_token_signature api_secret
     end
 
+    context "when the role is invalid" do
+      it "raises an error" do
+        expect {  opentok.generate_token session_id, :role => :invalid_role }.to raise_error
+      end
+    end
 
     # TODO a context about using a bad session_id
   end