Security Guide
Data and Network Security
- No PII (outside of login profiles) or customer data is ever stored on Superblocks servers
- All traffic to and from Superblocks is encrypted using TLS 1.2 or TLS 1.3
- All data on the Superblocks platform is encrypted at rest using AES-256 encryption
- Superblocks servers are hosted in AWS across US regions on SOC 2 and ISO 27001 certified infrastructure
- Superblocks entities (Applications, APIs, Workflows, Integration definitions, and audit logs) are stored in encrypted and network-protected databases with limited internal access
IP Addresses
The following IP addresses must be added to an allowlist in order for Superblocks to connect to your configured integrations.
NAT hostname | Current DNS | Last Recorded IPs |
---|---|---|
nat.superblocks.com | A Records | 107.22.228.244 3.93.101.124 34.209.17.50 34.227.169.51 35.155.119.178 35.171.116.214 35.86.18.137 44.232.244.93 54.148.33.216 |
While we do our best to never change these addresses, the best way to keep an allowlist up to date is to use the current A records for the NAT hostname shown above, using a tool such as dig:
dig +short nat.superblocks.com | sort
or by using an API like dnsjson.com:
curl -s https://dnsjson.com/nat.superblocks.com/A.json | jq '.results.records|sort'
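The following is an added example, not Superblocks code: a POSIX shell sketch that compares the allowlist you have deployed against the current A records and reports what to add or remove. The function names valid_ipv4 and allowlist_drift, the --live flag, and the script name allowlist_drift.sh are hypothetical; it assumes dig is installed for live mode.

```sh
#!/bin/sh
# Added example (not Superblocks code): report drift between the allowlist you
# have deployed and the A records currently published for the NAT hostname.
NAT_HOST="nat.superblocks.com"   # hostname from the table above

# Keep only well-formed IPv4 addresses, one per line, sorted and de-duplicated.
# Resolver output can contain CNAME targets or error text; none of that should
# ever reach a firewall rule.
valid_ipv4() {
  tr -s ' \t' '\n\n' | awk -F. '
    NF == 4 {
      ok = 1
      for (i = 1; i <= 4; i++)
        if ($i !~ /^[0-9]+$/ || ($i + 0) > 255) ok = 0
      if (ok) print
    }' | LC_ALL=C sort -u
}

# allowlist_drift RECORDED CURRENT
# Prints "+ip" for addresses to add and "-ip" for addresses no longer published.
# Returns 2 when CURRENT holds no valid address (failed or blocked lookup), so a
# DNS outage is never mistaken for "remove every entry".
allowlist_drift() {
  drift_recorded=$(printf '%s\n' "$1" | valid_ipv4)
  drift_current=$(printf '%s\n' "$2" | valid_ipv4)
  [ -n "$drift_current" ] || return 2
  {
    printf '%s\n' "$drift_recorded" | sed 's/^/R /'
    printf '%s\n' "$drift_current" | sed 's/^/C /'
  } | awk '
    NF == 2 && $1 == "R" { r[$2] = 1 }
    NF == 2 && $1 == "C" { c[$2] = 1 }
    END {
      for (ip in c) if (!(ip in r)) print "+" ip
      for (ip in r) if (!(ip in c)) print "-" ip
    }' | LC_ALL=C sort
}

# Live mode (hypothetical script name; needs network access and dig):
#   sh allowlist_drift.sh --live "ip1 ip2 ..."
if [ "${1:-}" = "--live" ]; then
  allowlist_drift "${2:-}" "$(dig +short A "$NAT_HOST")"
fi
```

Run it on a schedule and review the output before changing firewall rules; an exit status of 2 means the lookup produced no usable addresses and the existing allowlist should be left alone.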
Superblocks Deployment Options
There are two ways to deploy Superblocks:
- Cloud-only (default) - simple to get started, simple to manage. Superblocks Cloud acts as a proxy when connecting to your Integrations.
- On-premise Agent - By deploying our lightweight, open-source on-premise agent, your customer data never leaves your VPC. The on-premise agent acts as a proxy to connect to your integrations.
Note: Superblocks never stores customer data, regardless of deployment method.
Cloud-Only
Connecting to Integrations
Superblocks Cloud securely connects to the customer's data sources, with the connection encrypted via TLS and secured via IP allowlist, VPN tunneling, or VPC peering.
Proxying Requests for API step runs
When an API is triggered, Superblocks Cloud proxies the request to the customer’s data sources, authenticating using the credentials provided to Superblocks.
Code execution
Code written in the Superblocks API builder runs in a fully controlled and isolated environment, separate from the host. Each JavaScript or Python step run will happen in a protected environment with process and memory isolation. The VM is never exposed to the user directly and customers have the ability to control the modules/packages that are available at runtime.
Code execution happens on Superblocks Cloud.
On-premise Agent
Connecting to Integrations
The customer runs an On-premise Agent, which serves all queries and keeps all PII customer data within their network. Authentication, Permissions, Application definitions and other non-sensitive operations are served from the Superblocks Cloud.
Proxying Requests for API step runs
When an API is triggered, the browser reroutes the request to the On-premise Agent hosted in the customer’s network. The On-premise Agent proxies the request to the data sources, authenticating using the credentials provided to Superblocks.
Code execution
Code written in the Superblocks API builder runs in a fully controlled and isolated environment, separate from the host. Each JavaScript or Python step run will happen in a protected environment with process and memory isolation. The VM is never exposed to the user directly and customers have the ability to control the modules/packages that are available at runtime.
Code execution happens in the agent inside the customer’s network.