Security & Compliance

Security & Compliance

We take security seriously. Production-grade security and end-to-end encryption for every message running over the network.

Security must be looked at from a different angle when applied to data streams. We didn’t just focus on hardening our network, but every level as well, from messages to users. That’s one less (big) worry for you.

TLS AES-256 Hippa SOC

How We Ensure Security

Encryption
Encryption

TLS and AES256 encryption, plus support for BYOE (bring-your-own-encryption) models.

EU and US-only Data Storage
EU and US-only Data Storage

Route data streams and store messages solely within the EU for added PII compliance.

Authorization Schemes
Authorization Schemes

PubNub Functions support flexible authorization schemes via any OAuth and LDAP model.

Attack Prevention
Attack Prevention

No inbound open ports. Instantaneous routing to different data centers to thwart regional attacks.

Legislation and Compliance
Legislation and Compliance

HIPAA Compliance, SOC 2 Compliant, Data Shield certified, and EU-only Data Storage options.

Access Manager: Fine-grain access control API for data streams

PubNub Access Manager provides token-based authorization allowing granular read and write access control at the user, device, channel, or key level.

Fine-Grain Permissions:

Segment permissions by channel, user, or channel group.

No Server Load:

PubNub handles the server loads associated with application access controls. Assign security tokens to devices, grant or revoke access and PubNub Access Manager does the rest.

Seamless Control:

Use Access Manager seamlessly with Presence, Stream Controller, and other PubNub APIs.

Any Authentication Scheme:

PubNub easily integrates with existing OAuth, Google, and Facebook authentication, as well as custom solutions.

Robust Authorization:

Add a layer of protection to prevent unauthorized access to publish/subscribe keys.

  • JavaScript
  • Android/Java
  • .Net
  • var pubnub = new PubNub({
  • subscribeKey: 'subscribeKey',
  • publishKey: 'publishKey',
  • });
  • pubnub.grant({ channels: 'AuthorizedChannel', authKeys: ['MyAuthKey'], ttl: 5, read: true, write: true, manage: false })
  • .then((grantResponse) => {
  • if(grantResponse.error) {
  • console.error('Non 200 response: ', grantResponse);
  • return
  • }
  • return pubnub.publish({ channel: 'AuthorizedChannel', message: 'Hello, world!' }, (publishStatus) => {
  • if (publishStatus.error) {
  • console.error('Non 200 response', { publishStatus });
  • return;
  • }
  • console.log('I just published my hello!');
  • });
  • });
  • PNConfiguration pnConfiguration = new PNConfiguration();
  • pnConfiguration.setSubscribeKey("subscribeKey");
  • pnConfiguration.setPublishKey("publishKey");
  • pnConfiguration.setSecure(true);
  • PubNub pubnub = new PubNub(pnConfiguration);
  • pubnub.grant()
  • .channels(Arrays.asList("AuthorizedChannel")) //channels to allow grant on
  • .authKeys(Arrays.asList("MyAuthKey")) // the keys we are provisioning
  • .write(true) // allow those keys to write (false by default)
  • .manage(false) // allow those keys to manage channel groups (false by default)
  • .read(true) // allow keys to read the subscribe feed (false by default)
  • .ttl(12337) // how long those keys will remain valid (0 for eternity)
  • .async(new PNCallback<PNAccessManagerGrantResult>() {
  • @Override
  • public void onResponse( PNAccessManagerGrantResult result , PNStatus status)
  • // PNAccessManagerGrantResult is a parsed and abstracted response from server pubnub.
  • }
  • });
  • Map message = new HashMap();
  • message.put.("Hello", "world!");
  • pubnub.publish();
  • .channel.("AuthorizedChannel");)
  • .message.(message)
  • .async.(new PNCallback<PNPublishResult>() {
  • @Override
  • public void onResponse( PNPublishResult result , PNStatus status) {
  • if (status.isError()){
  • System.out.println.(status);
  • } else {
  • System.out.println("Published!");
  • }
  • }
  • });
  • PNConfiguration pnConfiguration = new PNConfiguration();
  • // subscribeKey from admin panel
  • pnConfiguration.SubscribeKey = "subscribeKey"; // required
  • // publishKey from admin panel (only required if publishing)
  • pnConfiguration.PublishKey = "publishKey";
  • Pubnub pubnub = new Pubnub(pnConfiguration);
  • pubnub.Grant()
  • .Channels(new string[]{
  • //channels to allow grant on
  • "AuthorizedChannel"
  • })
  • .AuthKeys(new string[] {
  • // the keys we are provisioning
  • "MyAuthKey"
  • })
  • .Write(true) // allow those keys to write (false by default)
  • .Manage(false) // allow those keys to manage channel groups (false by default)
  • .Read(true) // allow keys to read the subscribe feed (false by default)
  • .TTL(12337) // how long those keys will remain valid (0 for eternity)
  • .Async(new PNAccessManagerGrantResultExt(
  • (result, status) => {
  • // PNAccessManagerGrantResult is a parsed and abstracted response from server
  • pubnub.Publish()
  • .Message(arrayMessage.ToList())
  • .Channel("ChatRoomChannel")
  • .ShouldStore(true)
  • .UsePOST(true)
  • .Async(new PNPublishResultExt(
  • (result, status) => {
  • // Check whether request successfully completed or not.
  • if (status.Error) {
  • // something bad happened.
  • Console.WriteLine("error happened while publishing: " + pubnub.JsonPluggableLibrary.SerializeToJsonString(status));
  • } else {
  • Console.WriteLine("publish worked! timetoken: " + result.Timetoken.ToString());
  • }
  • }
  • ));
  • }
  • ));
Whitepaper

Whitepaper: 5 Design Patterns for IoT Security

Learn about how to mitigate security risks, including preventing hacker intrusion, securing data streaming, and architecting provisioning and firmware updates.

Download Whitepaper

Resources

PubNub Security Overview
PubNub Security Overview

A detailed look into security on the PubNub network.

Read Overview
PAM Documentation
PAM Documentation

Full Documentation for PubNub Access Manager.

Read Documentation
PAM Getting Started
PAM Getting Started

A quick start guide for implementing PAM.

Read Quick Start Guide

Try PubNub Today

Connect up to 100 devices for Free