Security
Authentication
The API requires an access token, which can be issued or revoked from the dashboard or through the API itself. An access token may have an expiry time, at which point it is automatically revoked.
S2 SDKs take care of supplying the access token automatically. If you are using curl or grpcurl, you can provide it with -H "Authorization: Bearer ${TOKEN}".
Encryption
Data in transit
S2 endpoints are secured by Transport Layer Security (TLS), and we always use TLS within S2 when data is transferred between services.
Data at rest
S2 does not use any local disks. Data at rest is encrypted by the cloud systems we rely on, e.g. S3’s native server-side encryption.
Lean into client-side record encryption for the strongest data protection.
On our roadmap: authenticated encryption of records at the edge service in S2, with a stream-specific key.
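One way to do client-side record encryption with a stream-specific key before appending, shown as an added example that is not S2's code or SDK API. The function names, the `record-key-v1` label and the HMAC-SHA256 key derivation are assumptions; the sealed bytes would be used as the record body.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// StreamAEAD derives a per-stream AES-256-GCM key from a client-held master
// key with HMAC-SHA256 (assumed derivation; the label is hypothetical).
func StreamAEAD(master []byte, stream string) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("record-key-v1\x00" + stream))
	block, err := aes.NewCipher(mac.Sum(nil)) // 32-byte output selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag. The stream name is authenticated as
// associated data, so a record copied into another stream fails to open.
func Seal(aead cipher.AEAD, stream string, body []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, body, []byte(stream)), nil
}

// Open verifies and decrypts a sealed record body read back from the stream.
func Open(aead cipher.AEAD, stream string, sealed []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(sealed) < n+aead.Overhead() {
		return nil, fmt.Errorf("sealed record too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], []byte(stream))
}

func main() {
	master := make([]byte, 32) // constructed all-zero demo key, not a real secret
	aead, _ := StreamAEAD(master, "orders")
	sealed, _ := Seal(aead, "orders", []byte(`{"id":1}`))
	_, err := Open(aead, "billing", sealed) // wrong stream name is rejected
	fmt.Println(len(sealed), err)
}
```

With random 96-bit nonces, rotate the derived key (for example by changing the label) well before 2^32 records have been sealed under it.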
Responsible Disclosure
Ethical hackers and security researchers can report vulnerabilities to us at security@s2.dev.