For applications that handle sensitive data, we now offer the option to encrypt your data end to end.

In practice you can choose to use an SSL connection to make API requests, and you can ensure that the data is only broadcast to SSL WebSocket connections. You can use these features independently, so you can gradually transition to a secure setup.

SSL encryption for api calls

It is now possible to make Pusher API requests via SSL, which gives you encryption as well as the authentication already offered by the api request signing.

Simply connect to the http endpoint at https://api.pusherapp.com.

If you’re using the Ruby gem (version 0.7.0 or above) just set

Pusher.encrypted = true

and then trigger events normally.

SSL encryption for WebSocket connections

For some months we have supported SSL WebSocket connections in order to support troublesome proxies.

Several users, however, have asked us whether we can ensure that their sensitive data is only sent over encrypted connections. This will be a paid only feature, but during the beta this feature is available to all accounts.

From the dashboard, you’ll see an option to make apps “encrypted”. Non SSL connections to encrypted apps will be rejected by the socket server.

You should also configure the javascript library to try SSL connections by default. This requires linking to version 1.7.0 or above

var pusher = new Pusher('your-key', {
  encrypted: true
})

Without this setting, your app will make an unnecessary connection to the non SSL endpoint, which will rejected. The javascript will then retry the connection over SSL. Things will work, but Pusher will appear to take longer to connect.

Javascript library

If you’re making use of the features above, you’re probably also serving your HTML via https. To avoid browser warnings you can link to the pusher.js javascript library over https from the following cloudfront location:

https://d3ds63zw57jt09.cloudfront.net/1.7/pusher.min.js