Server-to-server (S2S) Security

With Adjust's S2S Security feature, you can guarantee the security of your S2S events and protect against spoofed requests. After you set up S2S authentication each incoming request must carry a token generated in your Adjust dashboard. Requests that do not carry a valid token are rejected by our server.

S2S Security is not compatible with Google Tag Manager event tracking. Using Adjust's S2S authentication tokens in your Google Tag Manager configuration means that incoming Google Tag events are rejected.

Set up S2S authentication

To set up S2S authentication, follow these steps.

In the dashboard

  1. Find your app and select the app options caret (^).
  2. Select All Settings > S2S Security.
  3. Select Create Token.
  4. Enter a token name.
  5. Select Create.
  6. Select Copy (clipboard icon) and send the token to your developer to add to your S2S event requests.

Once the authentication token is added to your S2S requests, run tests to confirm the integration. At this point, S2S authentication is not active and requests carrying invalid tokens are still accepted. Speak to your dedicated Technical Account Manager or contact support@adjust.com to validate the setup before activating S2S authentication.

Example POST request with token added:

curl -v -X POST -H "Authorization: Bearer v8s5opi0zs45607l8h8c48wak2vxb5oe" "https://s2s.adjust.com/event?s2s=1&app_token=abc123kuvada7&event_token=xyzklm&gps_adid=11110111-2345-6789-1122-000000005678"

Expected response:

> POST /event?s2s=1&app_token=abc123kuvada7&event_token=xyzklm&gps_adid=11110111-2345-6789-1122-000000005678 HTTP/1.1
> Host: s2s.adjust.com
> User-Agent: curl/7.54.0
> Accept: */*
> Authorization: Bearer v8s5opi0zs45607l8h8c48wak2vxb5oe

Requests return one of the responses below.

Response codeResponse messageReason
200OKRequest accepted
202Missing authentication tokenNo token added to the request
202Wrong authentication tokenToken added but not recognized. Check it is set correctly and is active on the dashboard

Activate S2S authentication

Only activate S2S authentication after you have tested your token implementation and had this validated by your Technical Account Manager or our team at support@adjust.com

To activate S2S authentication, follow these steps.

  1. Find your app and select the app options caret (^).
  2. Select All Settings > S2S Security.
  3. Select Activate S2S authentication.
  4. Switch the toggle ON.  
  5. Confirm to proceed.

Good job! Now, all incoming S2S requests are required to carry an active authentication token.

Manage your tokens

To add multiple auth tokens, follow the same setup steps listed above

Always test your tokens after implementation. When S2S authentication is active, requests with new tokens that are not correctly implemented are rejected. 

To delete a token, select Delete (trash icon). This immediately removes the token from your dashboard view and authentication requirements. To recover a deleted token, select Recover (arrow icon). 

If you delete your only valid auth token, Adjust automatically deactivates S2S authentication. This ensures you do not reject all S2S traffic.