Security & Compliance

Security & Compliance

We take security seriously. Production-grade security and end-to-end encryption for every message running over the network.

Security must be looked at from a different angle when applied to data streams. We didn’t just focus on hardening our network, but every level as well, from messages to users. That’s one less (big) worry for you.

New! Check out the GDPR Resource Center gdpr resource center
SOC TLS AES-256 GDPR HI PAA Privacy Shield Framework

How We Ensure Security

Encryption
Encryption

TLS and AES256 encryption, plus support for BYOE (bring-your-own-encryption) models.

EU and US-only Data Storage
EU and US-only Data Storage

Route data streams and store messages solely within the EU for added PII compliance.

Authorization Schemes
Authorization Schemes

PubNub Functions support flexible authorization schemes via any OAuth and LDAP model.

Attack Prevention
Attack Prevention

No inbound open ports. Instantaneous routing to different data centers to thwart regional attacks.

Legislation and Compliance
Legislation and Compliance

HIPAA Compliance, SOC 2 Type II Compliant, Privacy Shield certified, and GDPR compliant.

Access Manager: Fine-grain access control API for data streams

PubNub Access Manager provides token-based authorization allowing granular read and write access control at the user, device, channel, or key level.

Fine-Grain Permissions:

Segment permissions by channel, user, or channel group.

No Server Load:

PubNub handles the server loads associated with application access controls. Assign security tokens to devices, grant or revoke access and PubNub Access Manager does the rest.

Seamless Control:

Use Access Manager seamlessly with Presence, Stream Controller, and other PubNub APIs.

Any Authentication Scheme:

PubNub easily integrates with existing OAuth, Google, and Facebook authentication, as well as custom solutions.

Robust Authorization:

Add a layer of protection to prevent unauthorized access to publish/subscribe keys.

  • JavaScript
  • Android/Java
  • .Net
  • var pubnub = new PubNub({
  • subscribeKey: 'subscribeKey',
  • publishKey: 'publishKey',
  • });
  • pubnub.grant({ channels: 'AuthorizedChannel', authKeys: ['MyAuthKey'], ttl: 5, read: true, write: true, manage: false })
  • .then((grantResponse) => {
  • if(grantResponse.error) {
  • console.error('Non 200 response: ', grantResponse);
  • return
  • }
  • return pubnub.publish({ channel: 'AuthorizedChannel', message: 'Hello, world!' }, (publishStatus) => {
  • if (publishStatus.error) {
  • console.error('Non 200 response', { publishStatus });
  • return;
  • }
  • console.log('I just published my hello!');
  • });
  • });
  • PNConfiguration pnConfiguration = new PNConfiguration();
  • pnConfiguration.setSubscribeKey("subscribeKey");
  • pnConfiguration.setPublishKey("publishKey");
  • pnConfiguration.setSecure(true);
  • PubNub pubnub = new PubNub(pnConfiguration);
  • pubnub.grant()
  • .channels(Arrays.asList("AuthorizedChannel")) //channels to allow grant on
  • .authKeys(Arrays.asList("MyAuthKey")) // the keys we are provisioning
  • .write(true) // allow those keys to write (false by default)
  • .manage(false) // allow those keys to manage channel groups (false by default)
  • .read(true) // allow keys to read the subscribe feed (false by default)
  • .ttl(12337) // how long those keys will remain valid (0 for eternity)
  • .async(new PNCallback<PNAccessManagerGrantResult>() {
  • @Override
  • public void onResponse( PNAccessManagerGrantResult result , PNStatus status)
  • // PNAccessManagerGrantResult is a parsed and abstracted response from server pubnub.
  • }
  • });
  • Map message = new HashMap();
  • message.put.("Hello", "world!");
  • pubnub.publish();
  • .channel.("AuthorizedChannel");)
  • .message.(message)
  • .async.(new PNCallback<PNPublishResult>() {
  • @Override
  • public void onResponse( PNPublishResult result , PNStatus status) {
  • if (status.isError()){
  • System.out.println.(status);
  • } else {
  • System.out.println("Published!");
  • }
  • }
  • });
  • PNConfiguration pnConfiguration = new PNConfiguration();
  • // subscribeKey from admin panel
  • pnConfiguration.SubscribeKey = "subscribeKey"; // required
  • // publishKey from admin panel (only required if publishing)
  • pnConfiguration.PublishKey = "publishKey";
  • Pubnub pubnub = new Pubnub(pnConfiguration);
  • pubnub.Grant()
  • .Channels(new string[]{
  • //channels to allow grant on
  • "AuthorizedChannel"
  • })
  • .AuthKeys(new string[] {
  • // the keys we are provisioning
  • "MyAuthKey"
  • })
  • .Write(true) // allow those keys to write (false by default)
  • .Manage(false) // allow those keys to manage channel groups (false by default)
  • .Read(true) // allow keys to read the subscribe feed (false by default)
  • .TTL(12337) // how long those keys will remain valid (0 for eternity)
  • .Async(new PNAccessManagerGrantResultExt(
  • (result, status) => {
  • // PNAccessManagerGrantResult is a parsed and abstracted response from server
  • pubnub.Publish()
  • .Message(arrayMessage.ToList())
  • .Channel("ChatRoomChannel")
  • .ShouldStore(true)
  • .UsePOST(true)
  • .Async(new PNPublishResultExt(
  • (result, status) => {
  • // Check whether request successfully completed or not.
  • if (status.Error) {
  • // something bad happened.
  • Console.WriteLine("error happened while publishing: " + pubnub.JsonPluggableLibrary.SerializeToJsonString(status));
  • } else {
  • Console.WriteLine("publish worked! timetoken: " + result.Timetoken.ToString());
  • }
  • }
  • ));
  • }
  • ));
Whitepaper

Whitepaper: 5 Design Patterns for IoT Security

Learn about how to mitigate security risks, including preventing hacker intrusion, securing data streaming, and architecting provisioning and firmware updates.

Download Whitepaper
Quote
Zeiss

"As a leading software solution for ophthalmologists, data security and HIPAA compliance are extremely important for Zeiss Veracity Surgical, and we evaluate all our technology partners through this lens too. When we evaluated PubNub as a realtime messaging service, we were very impressed how easy they were to use. We were sold on PubNub as a partner once we learned about their strengths in data security, SOC 2, and HIPAA-compliance."

Danny Kirchmeier

Director of Technology, Carl Zeiss Meditec Digital Innovations

Resources

PubNub Security Overview
PubNub Security Overview

A detailed look into security on the PubNub network.

Read Overview
PubNub Security Overview
GDPR Resource Center

Your go-to resource center for everything you need to know about PubNub's GDPR compliance.

Learn More About GDPR
PAM Documentation
PAM Documentation

Full Documentation for PubNub Access Manager.

Read Documentation
PAM Getting Started
PAM Getting Started

A quick start guide for implementing PAM.

Read Quick Start Guide

Try PubNub Today

Connect up to 100 devices for Free