Paygentic is designed from the ground up with the security, auditability, and reliability standards expected of financial infrastructure.
All sensitive key material is encrypted using AES-256-GCM authenticated encryption. Key derivation via scrypt with unique salts. Each encryption operation uses a random initialization vector with authentication tags to verify integrity. API keys are hashed with bcrypt before storage; plaintext keys never touch the database.
JWT-based authentication with refresh token rotation. Access tokens expire after 15 minutes. Refresh tokens are rotated on each use and can be revoked. Rate limiting prevents brute-force attacks on authentication endpoints. API key authentication for programmatic agent access.
Webhook delivery validated against internal IP ranges to prevent server-side request forgery. Only HTTPS endpoints accepted. All financial operations run within atomic database transactions to prevent race conditions and double-spending. In-memory rate limiting with configurable windows.
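One way to implement the webhook destination check described above, as an added example that is not Paygentic's own code. The function names, the injected resolver, and the sample hostnames and addresses are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

class WebhookURLRejected(ValueError):
    """Raised when a webhook URL fails the destination policy."""

def system_resolver(host, port):
    """Return the set of IP strings the OS would connect to for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def is_internal(ip_text):
    """True for any address that is not publicly routable."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:  # classify ::ffff:10.0.0.1 as 10.0.0.1
        ip = mapped
    return ip.is_multicast or not ip.is_global

def validate_webhook_url(url, resolver=system_resolver):
    """Return (host, port, ips) for an allowed URL, else raise."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise WebhookURLRejected("only https endpoints are accepted")
    if parts.username or parts.password:
        raise WebhookURLRejected("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise WebhookURLRejected("missing host")
    port = parts.port or 443
    try:
        ips = {str(ipaddress.ip_address(host))}  # literal IP, skip DNS
    except ValueError:
        ips = set(resolver(host, port))
    if not ips:
        raise WebhookURLRejected("host did not resolve")
    # Reject if ANY record is internal; a mixed answer must not pass.
    internal = sorted(ip for ip in ips if is_internal(ip))
    if internal:
        raise WebhookURLRejected(f"resolves to internal address {internal[0]}")
    # Deliver to one of these pinned IPs instead of resolving the name again.
    return host, port, sorted(ips)

# Constructed sample DNS answers for running the check offline.
SAMPLE_DNS = {"hooks.example.com": {"8.8.8.8"},
              "mixed.example.net": {"8.8.8.8", "10.0.0.5"}}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, set())
```

The check only holds if delivery connects to the returned addresses and every HTTP redirect is validated the same way; resolving the name a second time at send time reopens the gap.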
Every transaction, payment, transfer, and policy action is permanently logged. Database-level triggers prevent any modification or deletion of audit records; no one, including administrators, can alter the audit trail. Each entry captures agent identity, action type, context, and timestamp, creating a complete chain of custody for every financial event.
Spending policies are enforced at the payment layer, not in application code. Configure per-agent limits (per-transaction, daily, weekly, monthly), merchant allowlists, time-window restrictions, and human approval thresholds. Auto-approval rules for trusted low-value transactions. Real-time budget monitoring with configurable alerts.
All balance adjustments, payment processing, and agent transfers execute atomically. Concurrent requests cannot create race conditions or double-spend. Balance validations read fresh values within database transactions, preventing time-of-check-to-time-of-use vulnerabilities. Every financial operation either completes fully or rolls back completely.