It is now possible to make Pusher API requests via SSL, which gives you encryption as well as the authentication already offered by the api request signing.
Note: this page only describes transport-level encryption. If you’re looking for full end-to-end encryption, please see our end-to-end encryption feature!
For applications that handle sensitive data, we now offer the option to encrypt your data using SSL/TLS.
In practice you can choose to use an SSL connection to make API requests, and you can ensure that the data is only broadcast to SSL WebSocket connections. You can use these features independently, so you can gradually transition to a secure setup.
It is now possible to make Pusher API requests via SSL, which gives you encryption as well as the authentication already offered by the api request signing.
Simply connect to the http endpoint at https://api.pusherapp.com.
If you’re using the Ruby gem (version 0.7.0 or above) just set
Pusher.encrypted = true
and then trigger events normally.
For some months we have supported SSL WebSocket connections in order to support troublesome proxies.
Several users, however, have asked us whether we can ensure that their sensitive data is only sent over encrypted connections. This will be a paid only feature, but during the beta this feature is available to all accounts.
From the dashboard, you’ll see an option to make apps “encrypted”. Non SSL connections to encrypted apps will be rejected by the socket server.
You should also configure the javascript library to try SSL connections by default. This requires linking to version 1.7.0 or above
var pusher = new Pusher('your-key', { encrypted: true })
Without this setting, your app will make an unnecessary connection to the non-SSL endpoint, which will rejected. The javascript will then retry the connection over SSL. Things will work, but Pusher will appear to take longer to connect.
If you’re making use of the features above, you’re probably also serving your HTML via https. To avoid browser warnings you can link to the pusher.js javascript library over https from the following cloudfront location: