Deep Dive
Security
Authentication
The API requires an access token to authenticate requests.
S2 SDKs take care of supplying it automatically. If you are using curl, you can provide it with -H "Authorization: Bearer ${S2_ACCESS_TOKEN}".
Encryption
Data in transit
S2 endpoints are secured by Transport Layer Security (TLS), and we always use TLS within S2 when data is transferred between services internally.
Data at rest
Data at rest is encrypted by the cloud systems we rely on.
Lean into client-side record encryption for the strongest data protection.
On our roadmap: authenticated encryption of records at the edge service in S2, with a stream-specific key.
Responsible Disclosure
Ethical hackers and security researchers can report vulnerabilities to us at security@s2.dev.