Authentication and Security
Credential management is the foundation of a secure Synap integration. A compromised API key gives an attacker full access to your instance’s memory store.API key stored in a secrets manager
- AWS: Secrets Manager or SSM Parameter Store
- GCP: Secret Manager
- Azure: Key Vault
- Self-hosted: HashiCorp Vault
.env files, or container images)Webhook signature verification implemented
API key rotation schedule established
- Recommended rotation cadence: every 90 days for standard deployments, every 30 days for high-security environments
- Document the rotation procedure in your team’s runbook
- Automate rotation if possible (e.g., via a cron job or CI/CD step)
SDK Configuration
Proper SDK configuration ensures your integration performs well under production load and does not generate excessive logging or resource usage.Log level set appropriately
log_level to "WARNING" or "ERROR". The "DEBUG" and "INFO" levels generate high-volume output that degrades performance and can expose sensitive information in log aggregators.log_level is set to "WARNING" or "ERROR" (not "DEBUG" or "INFO")Timeouts configured for your SLA
Retry policy tuned
- High-throughput systems: Reduce
max_attemptsto 2 to avoid retry storms - Critical operations: Increase
max_attemptsto 5 for reliability - Low-latency paths: Reduce
backoff_maxto limit total retry time
Cache backend enabled
cache_backend is set to "sqlite" for production performanceSession timeout configured
session_timeout_minutes setting controls how long an authenticated session lasts before requiring re-authentication. The default is appropriate for most cases, but adjust based on your security requirements:- Standard applications: 60-480 minutes (1-8 hours)
- High-security environments: 5-30 minutes
- Long-running batch processes: 720-1440 minutes (12-24 hours)
session_timeout_minutes is configured appropriately (range: 5-1440)Memory Architecture
Synap generates each Instance’s memory configuration automatically from the use-case file you upload. Before going to production, make sure that file reflects the agent you are actually deploying.Use-case file accurately describes the production agent
Verify retrieval quality on representative queries
Confirm the Instance is in the active state
provisioning to active and that its memory architecture has been generated and applied. Do not start production traffic on an Instance that is still provisioning.
active and ready to accept trafficError Handling
Robust error handling ensures your application degrades gracefully when Synap encounters issues, rather than crashing or returning empty responses.All SynapError subtypes caught appropriately
Transient errors logged with correlation_id
SynapError includes a correlation_id field. Always log it: this is the primary identifier Synap support uses to trace issues.correlation_id from the Synap errorGraceful degradation implemented
Rate limit handling with retry_after
RateLimitError, respect the retry_after_seconds field before retrying:retry_after_secondsMonitoring
Observability is critical for understanding how your Synap integration performs in production and catching issues before they impact users.Dashboard analytics reviewed regularly
- API call volume and success rate
- Memory counts by category and scope
- Ingestion throughput and processing latency
- Retrieval latency percentiles (P50, P95, P99)

Webhooks configured for critical events
ingestion.failed: ingestion pipeline errorscredential.expiring: credentials approaching expirationconfig.applied: configuration changesretention.cleanup: memory retention cleanup completed
P95 latency baseline established
- Run a representative mix of
memories.create(),context.fetch()(bothfastandaccurate), andmemories.batch_create()against your staging Instance. - Record P50 / P95 / P99 for each operation over a representative window (at least 1 hour of realistic traffic).
- Set production alert thresholds at a multiple of your staging P95 (e.g., 2-3× P95) so normal variance doesn’t page you.
- Re-baseline after any MACA change, SDK upgrade, or significant traffic-pattern shift.
Error rate alerts configured
- Synap API error rate exceeding 1% over 5 minutes
- Authentication failures (any occurrence)
- Rate limit hits exceeding your expected threshold
- Retrieval returning zero results when memories are expected
Cost tracking enabled
- API call volume (ingestion + retrieval)
- Storage usage (vector + graph)
- Bandwidth usage
Performance
Optimization ensures your integration meets latency requirements and minimizes unnecessary resource usage.Using fast mode for latency-sensitive paths
mode="fast" for any operation in the critical path of user-facing requests. Reserve mode="accurate" for background tasks, research queries, or paths where the user is willing to wait.Batch ingestion for bulk operations
batch_create() instead of multiple create() calls:Context compaction enabled for long conversations
Cache is enabled
cache.stats() is synchronous and returns a dict with enabled, client_id, base_path, total_entries, total_bytes, and per-backend stats under backends. If enabled is False or total_entries stays at 0 over time, your cache backend isn’t engaged; check SDKConfig.cache_backend.
Operational Readiness
Beyond code and configuration, production readiness requires documented procedures and team alignment.Team roles assigned appropriately
Credential rotation runbook documented
- Generate new key in Dashboard
- Update secrets manager with new key
- Deploy application with updated secret reference
- Verify new key is working (check Dashboard for API calls)
- Revoke old key after grace period (48 hours)
Support channel documented
- Synap Documentation: docs.maximem.ai
- Community Discord: discord.gg/synap
- GitHub Issues: github.com/maximem-ai/maximem_synap_sdk/issues
- Email Support: [email protected] (include
correlation_idin all reports)