Token Security

• JWT-based authentication - Secure token-based access to your data
• 60-day expiration - Tokens automatically expire for security
• Scoped access - Only accesses disbursement and transaction data
• Merchant isolation - Each token only accesses your merchant data

Best Practices

• Never share tokens - Keep your MCP token private
• Regular rotation - Generate new tokens before expiration
• Monitor usage - Review access logs in the Merchant Portal
• Secure storage - Store tokens in secure configuration files

Token Management

• Generation: Create new tokens anytime in the Merchant Portal
• Expiration: Tokens expire after 60 days by default
• Revocation: Disable tokens immediately in the portal
• Regeneration: Generate new tokens before old ones expire