How MyApi protects your credentials.
MyApi exists because handing an AI agent your real passwords is a bad idea. This page states exactly what we do — algorithms, key handling, logging, and the honest current state of compliance — so you can evaluate it like an engineer, not a marketing reader.
Encryption & key management
- Credentials at rest: every OAuth token, API key, and service credential is encrypted with AES-256-GCM (authenticated encryption — tampered ciphertext fails to decrypt) before it touches the database.
- Key derivation: encryption keys are derived with PBKDF2 (600,000 iterations), per NIST guidance, from a master key held only in server environment configuration — never in the database, never in client code.
- Key rotation: the encryption layer supports re-encrypting stored secrets under a new master key without downtime.
- Vault access tokens: the tokens agents authenticate with are stored bcrypt-hashed — MyApi itself cannot recover a token after issuance, only verify it.
- In transit: TLS everywhere, with HSTS (1-year, preload). API responses carry
Cache-Control: no-storeso credentials never land in intermediary caches.
The sealed-vault guarantee
Agents never receive provider credentials — under any scope. An agent holds only a MyApi scoped token (or an Ed25519 device keypair). When it calls a service, MyApi decrypts the stored credential server-side, signs the outbound request, and returns the result. There is no API through which an agent can read a raw OAuth token or API key belonging to a connected service. Revealing a vault secret to a human owner in the dashboard is a separate, audited action on its own endpoint.
Access control
- Scoped tokens: each token carries an explicit scope list (e.g.
services:gmail:read). Scope hierarchy:admin:*>services:*>services:{name}:read. Write implies read; nothing implies write. - Narrowest-wins resolution: every call is checked against the token scope, the persona ceiling (when one is attached), and the service grant — the narrowest of the three applies. Denied calls never leave the gateway.
- Resource sub-scopes: access can be narrowed below service level (specific calendars, repos, Home Assistant entities). Sub-scope checks fail closed at the proxy.
- Per-agent limits: rate and usage limits are enforced per agent at authentication time (HTTP 429 on breach), independent of global gateway rate limiting.
- Device approval: new agent devices register an Ed25519 keypair and remain inert until the owner approves them in the dashboard. Pause or revoke any agent in one click.
- Two-factor auth: TOTP (authenticator-app) 2FA can be required on owner sign-in, challenged after the OAuth identity step.
- Roles & workspaces: multi-tenant workspaces with role-based access control; every request is workspace-scoped via an explicit header.
Audit logging
- Every API action is written to an append-oriented audit log with actor identity, token/agent attribution, IP address, scope used, and action metadata.
- Attribution survives delegation: calls made by an agent are attributed to that agent, not blended into the owner's activity, so you can answer "which agent did this?" months later.
- Retention: audit records are kept for the life of the account and included in data export. On account deletion, your account record (including name and email) is removed; the append-only audit records that remain reference only an internal identifier — no direct personal identifiers — and are retained for tamper-evidence and security. Organization plans can stream audit events to an external sink (e.g. your SIEM) and set workspace retention policies.
- Anomaly monitoring: a token-security monitor watches for anomalous usage patterns (unfamiliar origins, unusual volume) and raises security alerts to the owner.
Prompt-injection defense
Content that flows back through the gateway toward an agent (emails, documents, web content) is scanned by a dedicated classifier sidecar for prompt-injection payloads. Flagged events raise an alert in the security hub and notify the owner by email. This is defense-in-depth on top of scoping: even a successfully hijacked agent can only act within the scopes you granted it.
Your data
- Export: full account export (personas, skills, knowledge base, memory, settings) at any time — nothing is locked in.
- Deletion: account deletion removes your data, including encrypted credentials; inactive beta accounts are warned before any lifecycle action is taken.
- Backups: owner-triggered snapshots plus operational backups of the platform database.
- Self-hosting: the core gateway is open-source — you can run it on your own infrastructure and keep credentials entirely in-house.
- AI training: our
robots.txtpublishesContent-Signal: ai-train=no; your vault contents are never used to train models.
Compliance, honestly
MyApi is in open beta and is not yet SOC 2 or ISO 27001 certified. The controls above (encryption, scoped access, full audit trail, export/deletion) are built to the standards those audits assess, and formal certification is planned as the platform exits beta. If your evaluation needs specifics we haven't published, ask us directly on Discord — we'd rather answer precisely than imply.
Reporting a vulnerability
Found something? Please report it privately via Discord (DM a maintainer) or through the contact on our GitHub repository. We commit to acknowledging reports quickly and crediting reporters who wish to be named.