We constantly publish updates to our documentation, which may not yet be available in your language. For the most current information, use the English version.
With Adjust's S2S Security feature, you can guarantee the security of your S2S events and protect against spoofed requests. After you set up S2S authentication each incoming request must carry a token generated in your Adjust dashboard. Requests that do not carry a valid token are rejected by our server.
Only Admins can access and manange authentication tokens in the dashboard.
Warning:
S2S Security is not compatible with Google Tag Manager event tracking. Using Adjust's S2S authentication tokens in your Google Tag Manager configuration means that incoming Google Tag events are rejected.
Find your app and select the app options caret (^).
Select All Settings > S2S Security.
Select Create Token.
Enter a token name.
Select Create.
Select Copy (clipboard icon) and send the token to your developer to add to your S2S event requests.
At this point, S2S authentication is not active and requests carrying invalid tokens are still accepted. Speak to your dedicated Technical Account Manager or contact support@adjust.com to validate the setup before activating S2S authentication.
Example POST request with token added:
curl -v -X POST -H "Authorization: Bearer v8s5opi0zs45607l8h8c48wak2vxb5oe" "https://s2s.adjust.com/event?s2s=1&app_token=abc123kuvada7&event_token=xyzklm&gps_adid=11110111-2345-6789-1122-000000005678"
Activate S2S authentication only after your developer has tested token implementation, and your Technical Account Manager or our team at support@adjust.com has validated your setup.
To activate S2S authentication, follow these steps.
Under AppView, select All apps.
Select your app.
Select the Protection tab.
Under the S2S Security section, select Open S2S Security.
Switch the toggle ON.
Confirm to proceed.
Now, all incoming S2S requests are required to carry an active authentication token.
Always test your tokens after implementation. When S2S authentication is active, requests with new tokens that are not correctly implemented are rejected.
AppView
Classic dashboard
If you're no longer using a token, you can deactivate it:
Under AppView, select My apps.
Select your app.
Select the Protection tab.
Under the S2S Security section, select Open S2S Security.
Find your token and slide the toggle to the off position.
Important:
If you deactivate all of your tokens, Adjust automatically deactivates S2S authentication to ensure you don't reject all S2S traffic.
You can reactivate inactive tokens at any time sliding the toggle to the on position, or hide inactive tokens by turning the Show inactive tokens toggle off.
To deactivate S2S authentication, disable the toggle labeled S2S authentication is ON: you’re protected against fraud.. A warning modal appears. Select Turn off to deactivate S2S authentiaction.