# Risk and Abuse Prevention

> Protect paid agent routes from spam, free-trial abuse, failed payments, and suspicious buyers.

Agent traffic is fast. A small mistake in pricing, pre-work, or free trials can become expensive quickly.

The rule is simple: do not spend meaningful resources until payment validation or another explicit trust decision has happened.

## Spam requests

Unpaid requests should be cheap. Your API can return HTTP 402 without running the expensive model, tool call, search, or workflow.

Add controls around the unpaid edge so discovery does not become free compute.

| Control                                  | Why it helps                                                 |
| ---------------------------------------- | ------------------------------------------------------------ |
| Rate limit unpaid requests               | Prevents repeated 402 discovery from becoming noisy traffic. |
| Cache payment requirements               | Keeps common route pricing cheap to return.                  |
| Reject oversized bodies early            | Stops attackers from making quote generation expensive.      |
| Require a quote step                     | Keeps expensive work behind an explicit pricing decision.    |
| Watch repeated 402s without paid retries | Helps you spot probing or unpaid automation.                 |

Monitor unpaid traffic and failed retries from the [4mica dashboard](https://app.4mica.io) where available.

<Warning>
  Never run the expensive part of the task just to decide whether payment is required. The unpaid edge should stay cheap.
</Warning>
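
The controls in the table above can sit in one cheap gate that runs before payment validation and before any paid work. This is an added sketch, not 4mica code: the route, limits, response body shape, and function names are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

MAX_BODY_BYTES = 16 * 1024   # assumed cap; size it to your largest legitimate request
UNPAID_LIMIT = 5             # assumed: unpaid requests allowed per client per window
WINDOW_SECONDS = 60
PROBE_THRESHOLD = 5          # assumed: 402s with no paid retry before a client is flagged

# Payment requirements cached per route, so answering 402 needs no pricing work.
# Route name and values are constructed placeholders.
REQUIREMENTS = {"/summarize": {"payTo": "0xSELLER", "amount": "0.02",
                               "network": "testnet", "asset": "USDC"}}

_unpaid = defaultdict(deque)                         # client -> times of recent unpaid requests
_stats = defaultdict(lambda: {"402": 0, "paid": 0})  # "paid" counts requests with a payment header


def unpaid_edge(route, client, content_length, payment_header, now=None):
    """Run only the cheap checks. Returns (status, body), or None when the
    request carries a payment header and should go on to payment validation."""
    now = time.time() if now is None else now
    if route not in REQUIREMENTS:
        return 404, {"error": "unknown route"}
    # Decide from the declared length before the body is read or parsed;
    # the server must still enforce the same cap while reading the body.
    if content_length is None:
        return 411, {"error": "length required"}
    if content_length > MAX_BODY_BYTES:
        return 413, {"error": "body too large"}
    if payment_header:
        _stats[client]["paid"] += 1
        return None
    hits = _unpaid[client]
    while hits and now - hits[0] >= WINDOW_SECONDS:
        hits.popleft()
    if len(hits) >= UNPAID_LIMIT:
        retry_after = int(WINDOW_SECONDS - (now - hits[0])) + 1
        return 429, {"error": "too many unpaid requests", "retry_after": retry_after}
    hits.append(now)
    _stats[client]["402"] += 1
    return 402, {"payment_required": REQUIREMENTS[route]}


def probing_clients():
    """Clients that keep collecting 402s and have never retried with payment."""
    return sorted(c for c, s in _stats.items()
                  if s["402"] >= PROBE_THRESHOLD and s["paid"] == 0)
```

The in-memory counters are per process; a deployment with several workers needs a shared store for them.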

## Free-trial abuse

Free trials are not payment guarantees. Treat them as marketing spend with strict limits.

* cap trial value per wallet, account, IP, agent identity, or API key;
* expire credits quickly;
* require a funded payment path before high-cost trials;
* block repeated trial farming patterns;
* convert unknown agents to small paid trials when abuse appears.

## Handle failure claims

When a buyer claims your agent failed, check three records:

1. payment record: did the buyer sign and did settlement succeed?
2. delivery record: did your system return the promised response?
3. product rule: did the result meet your published completion criteria?

If the issue is a technical failure on your side, refund or credit according to policy. If the issue is subjective output quality, use the terms you published for that route.

<Tip>
  Write completion criteria before launch, not during the support conversation. It makes failure claims faster and fairer to resolve.
</Tip>

## Spend and request limits

Limit exposure per buyer or agent before traffic grows. Useful limits include maximum requests per minute, paid value per hour, concurrent tasks, downstream spend, task duration, and unpaid quote attempts.

You can enforce limits by payer address, agent identity, account, domain, API key, guarantee, or IP, depending on what your integration captures.

## Suspicious activity

Pause or reject payment flows when behavior no longer matches a normal buyer. Repeated invalid signatures, payment headers reused across routes or prices, mismatched `payTo`, amount, network, or asset, sudden spikes from a new payer, repeated failures after delivery, trial farming, refund farming, or unprofitable requests all deserve review.

Payment validation is necessary, but not the whole abuse system. Keep application-level policy close to the paid route.

For abuse patterns, send wallet, guarantee, route, and timestamp details to [support](mailto:support@4mica.io).
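
Three of the signals listed above (mismatched `payTo`, amount, network, or asset; payment headers reused across routes or prices; repeated invalid signatures) can be checked per payer from your own request log. This is an added example, not 4mica code: the record layout, threshold, routes, and sample attempts are constructed for illustration.

```python
import hashlib
from collections import defaultdict

INVALID_SIG_THRESHOLD = 3                                # assumed meaning of "repeated"
BOUND_FIELDS = ("payTo", "amount", "network", "asset")   # fields named on this page

REQUIREMENTS = {   # constructed route requirements
    "/search": {"payTo": "0xSELLER", "amount": "0.01", "network": "testnet", "asset": "USDC"},
    "/report": {"payTo": "0xSELLER", "amount": "0.50", "network": "testnet", "asset": "USDC"},
}


def attempt(payer, route, header, signature_valid=True, **overrides):
    """Build one constructed attempt record; defaults match the route's requirements."""
    return {"payer": payer, "route": route, "header": header,
            "signature_valid": signature_valid, **REQUIREMENTS[route], **overrides}


SAMPLE = [   # constructed log of payment attempts
    attempt("0xA", "/search", "hdr-1"),
    attempt("0xB", "/search", "hdr-2"),
    attempt("0xB", "/report", "hdr-2", amount="0.01"),   # same header seen on a second route
    attempt("0xC", "/search", "hdr-3", payTo="0xOTHER"),
    attempt("0xD", "/search", "hdr-4", signature_valid=False),
    attempt("0xD", "/search", "hdr-5", signature_valid=False),
    attempt("0xD", "/search", "hdr-6", signature_valid=False),
]


def review_flags(attempts, requirements):
    """Map payer -> sorted reasons that payer's payment flow deserves review."""
    flags, invalid = defaultdict(set), defaultdict(int)
    seen = {}   # header digest -> (route, route price) it was first presented against
    for a in attempts:
        payer, expected = a["payer"], requirements[a["route"]]
        for field in BOUND_FIELDS:
            if a[field] != expected[field]:
                flags[payer].add(f"mismatched {field}")
        # Store a digest so the review log never holds raw payment headers.
        digest = hashlib.sha256(a["header"].encode()).hexdigest()
        binding = (a["route"], expected["amount"])
        if seen.setdefault(digest, binding) != binding:
            flags[payer].add("payment header reused across routes or prices")
        if not a["signature_valid"]:
            invalid[payer] += 1
            if invalid[payer] >= INVALID_SIG_THRESHOLD:
                flags[payer].add("repeated invalid signatures")
    return {payer: sorted(reasons) for payer, reasons in flags.items()}
```

Payers that appear in the result are candidates for the pause-or-reject decision; the other signals in the list (spikes, refund farming, unprofitable requests) need delivery and cost data that this record layout does not carry.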

## Build confidence with collateral

4Mica's credit model is backed by payer collateral. You should still choose when extra deposits or prepayment are appropriate.

| Situation                               | Safer approach                                             |
| --------------------------------------- | ---------------------------------------------------------- |
| Expensive long-running job              | Require more collateral or staged payment before starting. |
| Custom work with subjective acceptance  | Publish completion and refund rules before payment.        |
| Workflow with high downstream cost      | Cap downstream spend and quote before execution.           |
| Unknown buyer with no reputation        | Start with lower limits or higher prepayment.              |
| Task that cannot be cheaply interrupted | Require enough coverage before work begins.                |

For small deterministic requests, a valid payment guarantee may be enough.

## Risk checklist

Before launch, make sure your risk controls match the cost of your routes.

* verify and settle before paid work
* rate limit unpaid and invalid requests
* cap buyer spend and concurrency
* keep free trials narrow
* log every paid request and response
* define refund rules before launch
* monitor clearing, payment, and finality deadlines
* block suspicious payers quickly
