Skip to main content

Security Guide

On this page:

  1. Data and Network Security
  2. IP Addresses
  3. Superblocks Deployment Options

Data and Network Security

  • No PII (outside of login profiles) or customer data is ever stored on Superblocks servers
  • All traffic to and from the Superblocks is encrypted using TLS 1.2, 1.3
  • All data on the Superblocks platform is encrypted at rest using AES-256 encryption
  • Tokens, passwords, certificates, API keys, and other secrets are securely stored in a secrets manager (Vault)
  • Superblocks servers are hosted in AWS across US regions on SOC 2 and ISO 27001 certified infrastructure
  • Superblocks entities (Applications, APIs, Workflows, and Integration definitions, audit logs) are stored in encrypted and network-protected databases with limited internal access

IP Addresses

The following IP addresses must be added to an allowlist in order for Superblocks to connect to your configured integrations.

NAT hostnameCurrent DNSLast Recorded IPs
nat.superblocks.comA Records107.22.228.244
3.93.101.124
34.209.17.50
34.227.169.51
35.155.119.178
35.171.116.214
35.86.18.137
44.232.244.93
54.148.33.216

While we do our best to never change these addresses, the best way to keep an updated allowlist is to use the current A records for the NAT hostname shown above, utilizing tools such as dig:

dig +short nat.superblocks.com | sort

or by using an API like dnsjson.com:

curl -s https://dnsjson.com/nat.superblocks.com/A.json | jq '.results.records|sort'

Superblocks Deployment Options

There are two ways to deploy Superblocks:

  • Cloud-only (default) - simple to get started, simple to manage. Superblocks Cloud acts as a proxy when connecting to your Integrations.
  • On-premise Agent - By deploying our light-weight open source on-premise agent, your customer data never leaves your VPC. The on-premise agent acts as a proxy to connect to your integrations.

Note: Superblocks never stores customer data regardless of deployment method

Connecting to Integrations

Superblocks Cloud securely connects to customer's data sources with the connection encrypted and secured via TLS and IP Allowlist, VPN Tunneling or VPC Peering.

Proxying Requests for API step runs

When an API is triggered, Superblocks Cloud proxies the request to the customer’s data sources, authenticating using the credentials provided to Superblocks.

Code execution

Code written in the Superblocks API builder runs in a fully controlled and isolated environment, separate from the host. Each Javascript or Python step run will happen in a protected environment with process and memory isolation. The VM is never exposed to the user directly and customers have the ability to control the modules/packages that are available at runtime.

Code execution happens on Superblocks Cloud.