Authentication

The API requires an access token to authenticate requests.

S2 SDKs take care of supplying it automatically. If you are using curl, you can provide it with -H "Authorization: Bearer ${S2_ACCESS_TOKEN}".

Encryption

Data in transit

S2 endpoints are secured by Transport Layer Security (TLS), and we always use TLS within S2 when data is transferred between services internally.

Data at rest

Data at rest is encrypted by the cloud systems we rely on.

Lean into client-side record encryption for the strongest data protection.

On our roadmap: authenticated encryption of records at the edge service in S2, with a stream-specific key.

Responsible Disclosure

Ethical hackers and security researchers can report vulnerabilities to us at security@s2.dev.