Angela,
Inside the wp_usermeta table in your database, there is a meta_key called wp_capabilities that includes the custom capabilities inside a serialized array.
Interacting with the custom capabilities through the database is certainly not ideal and their storage inside a serialized array makes working with them difficult. This was a design flaw with how custom fields were stored. We are working to greatly improve this in the next major release of s2Member. I don’t have any details about exactly how things are changing, but custom capabilities will likely get their own database table instead of being stored in a serialized array.
Also, regarding the Remote API Operations that comes with s2Member Pro:
The Remote Operation ‘create_user‘, allows for a ‘notification‘ directive. If this is a non-zero value (i.e. ‘notification’ => ‘1’), then s2Member/WordPress will process the New User Notification emails. One notification email will go to the site owner (i.e. you have a new User), and another to the User’s email address. This email simply contains the User’s password with instructions on how to log in. These emails can be further customized under: s2Member -> General Options -> Email Configuration.
s2Member’s event-driven API Notifications are something else entirely, not related to the ‘notification‘ directive that I just mentioned.
All accounts created through the Remote Operations API will cause a new API Registration Notification, as configured under: s2Member -> API Notifications -> Registration Notification. But that’s it. Most of the other API Notifications, including the Signup Notification are only related to payment gateway processing, and will NOT be triggered during a simple registration via the Remote Operations API. Only the Registration Notification would be triggered when creating accounts through the Remote Operations API.