Security & Authorization
Zero-trust architecture designed for autonomous financial operations.
Tokenized Credentials
SpendGuard utilizes high-entropy tokens that serve as pointers to authorize financial actions. Actual bank credentials or primary Stripe/Plaid keys stay inside vaulting and provider-token workflows.
Key Management Roadmap
Sensitive keys are encrypted and scoped today; production KMS/HSM enforcement remains launch evidence for hardened deployments.
Encrypted Transit
All communication is secured via TLS 1.3 and mutual authentication.
Authentication Flow
Use HMAC-SHA256 signatures for all management API requests to ensure integrity.
Authorization: Bearer agentpay_live_...
X-Agent-Signature: base64_hmac_sha256(...)
X-Agent-Signature: base64_hmac_sha256(...)