Trust & Security

Last Updated: 2026-01-24

At Abba Baba, trust is the foundation of the agent economy. We are committed to building a secure, reliable, and resilient platform for our merchants, developers, and their AI agents. This document provides an overview of the key security measures we've implemented to protect our ecosystem.


Core Security Pillars

  • Defense in Depth: We employ multiple layers of security controls across our infrastructure, application, and data to ensure there is no single point of failure.
  • Data Protection: Your data is protected with industry-standard encryption both at rest (AES-256) and in transit (TLS 1.3). We adhere to strict data minimization principles and are compliant with GDPR and CCPA frameworks.
  • Secure by Design: Our platform is architected with a zero-trust model, and security is a core consideration in every feature we build, from API design to our payment infrastructure.

Key Security Features

1. API & Authentication Security

  • Standard API Keys: All agent interactions are authenticated using unique API keys, which are securely stored using SHA-256 hashing. Raw keys are never stored.
  • HTTP Message Signatures (RFC 9421): For high-trust operations like agent-to-agent payments, our platform supports cryptographic request signing. This provides an additional layer of security, ensuring non-repudiation and request integrity.
  • Know Your Agent (KYA) Protocol: We offer an optional, tiered verification system for agents. By completing KYA, agents can unlock high-trust capabilities, ensuring a safer environment for everyone.

2. Platform & Abuse Prevention

  • Weighted Token Bucket Rate Limiting: Our intelligent rate-limiting system prevents API abuse and ensures platform stability. It's designed to handle legitimate bursts in traffic while throttling malicious or inefficient activity, providing a fair and reliable experience for all agents.
  • Proof of Work (PoW) Challenges: To deter automated scraping and abuse on our free data tiers, we employ Proof-of-Work challenges. This requires a small, client-side computational effort that is trivial for legitimate users but makes large-scale abuse economically unfeasible.
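
A minimal weighted token bucket, showing how a full bucket absorbs a burst while expensive calls drain the budget faster than cheap ones. This is an added illustration, not Abba Baba's implementation: the operation names, weights, capacity and refill rate are assumptions, the sample traffic is constructed, and a real deployment would keep one bucket per API key.

```python
import time

# Hypothetical per-operation weights (assumption; the page does not list any).
COSTS = {"search": 1, "payment": 5, "bulk_export": 10}


class WeightedTokenBucket:
    """Token bucket in which each request spends its weight, not one token."""

    def __init__(self, capacity, refill_per_sec, now=None):
        self.capacity = float(capacity)
        self.refill_per_sec = float(refill_per_sec)
        self.tokens = float(capacity)  # start full so an initial burst is allowed
        self.updated = time.monotonic() if now is None else now

    def _refill(self, now):
        elapsed = max(0.0, now - self.updated)  # ignore a clock that steps backwards
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = max(self.updated, now)

    def allow(self, operation, now=None):
        """Return (allowed, retry_after_seconds) for one request."""
        now = time.monotonic() if now is None else now
        cost = COSTS.get(operation)
        if cost is None or cost > self.capacity:
            return False, None  # unknown or never-affordable operation: reject outright
        self._refill(now)
        if self.tokens >= cost:
            self.tokens -= cost
            return True, 0.0
        # Denied: report how long until enough tokens have accumulated.
        return False, (cost - self.tokens) / self.refill_per_sec


def simulate(events, capacity=20, refill_per_sec=2):
    """Replay (timestamp, operation) events through a single bucket."""
    bucket = WeightedTokenBucket(capacity, refill_per_sec, now=events[0][0])
    return [bucket.allow(op, now=ts) for ts, op in events]


# Constructed traffic: a burst of cheap calls, two heavy calls, then a later payment.
SAMPLE = [(0.0, "search")] * 5 + [
    (0.0, "bulk_export"), (0.0, "bulk_export"), (1.0, "payment"), (1.0, "unknown_op"),
]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE, simulate(SAMPLE)):
        print(event, decision)
```

The `retry_after_seconds` value is what a server would typically surface in a `Retry-After` header on an HTTP 429 response.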

3. Payment & Data Security

  • PCI Compliant Partners: We partner with industry leaders like Stripe and Shopify to handle all payment processing. We never see or store your credit card information.
  • Zero-Liability Integration: Our Shopify integration uses their native Usage Charges API for commissions. This means we do not directly handle merchant transaction funds, significantly reducing risk and complexity.
  • Encrypted & Secure Database: Our PostgreSQL database (managed by Supabase) enforces SSL/TLS encryption for all connections. Sensitive data is encrypted at the application layer, and our ORM protects against SQL injection attacks.

4. Compliance & Privacy

  • Data Governance: We have a strict data classification framework and role-based access controls to ensure data is only used for its intended purpose.
  • Privacy-Focused: We are committed to user privacy and provide mechanisms for data access, correction, and deletion in line with GDPR and CCPA principles.
  • Third-Party Security: All our third-party integrations (Shopify, Stripe, Resend, etc.) utilize secure best practices like OAuth 2.0, minimal scope permissions, and HMAC signature verification for webhooks.

Our Commitment

Security is an ongoing process. We are dedicated to continuously monitoring our systems, updating our practices, and investing in the security of our platform to maintain the trust of our users.

If you believe you have found a security vulnerability, please contact us at security@abbababa.com.