MCP Authentication
PayU Remote MCP uses industry-standard OAuth 2.1 authentication with PKCE (Proof Key for Code Exchange) to ensure secure access to your merchant services.
OAuth 2.1 Flow
The authentication process is handled automatically by your MCP client:
```mermaid
sequenceDiagram
    participant User
    participant MCP Client
    participant Browser
    participant PayU Auth
    User->>MCP Client: Make request
    MCP Client->>PayU Auth: Discover authentication
    PayU Auth->>Browser: Open login page
    User->>Browser: Enter credentials
    Browser->>PayU Auth: Approve permissions
    PayU Auth->>MCP Client: Return tokens
    MCP Client->>MCP Client: Store tokens securely
```
Flow Steps
- Configure Service URL - Add the PayU MCP URL to your client
- Client Discovers Authentication - Client detects OAuth requirements
- Browser Opens - Login page opens automatically
- Enter Credentials - Sign in with your PayU account
- Approve Permissions - Review and grant access
- Tokens Stored Securely - Client stores encrypted tokens
- Automatic Authentication - All subsequent requests use stored tokens
Security Features
| Feature | Description |
|---|---|
| OAuth 2.1 with PKCE | Industry-standard authentication protocol that prevents authorization code interception attacks |
| Encrypted Tokens | All tokens are encrypted and securely stored by your MCP client |
| Request Validation | Every request is validated before execution |
| PII Protection | Personal data automatically filtered from responses |
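How the PKCE row above blocks use of an intercepted authorization code, as an added example that is not PayU's code or part of the original page. It assumes the S256 challenge method from RFC 7636; `ToyAuthServer`, `make_verifier`, `s256_challenge` and `demo` are hypothetical names, and the server is a constructed in-memory stand-in.

```python
import base64, hashlib, hmac, re, secrets

VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636 section 4.1

def make_verifier() -> str:
    # 32 random bytes -> 43 base64url characters, no padding
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()

def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

class ToyAuthServer:
    """Constructed stand-in for an authorization server (hypothetical)."""

    def __init__(self):
        self._pending = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str, method: str) -> str:
        if method != "S256":  # refuse the weaker "plain" method
            raise ValueError("only S256 is accepted")
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> str:
        challenge = self._pending.pop(code, None)  # single use, even on failure
        if challenge is None:
            raise PermissionError("unknown or already used code")
        if not VERIFIER_RE.fullmatch(code_verifier):
            raise PermissionError("malformed code_verifier")
        if not hmac.compare_digest(s256_challenge(code_verifier), challenge):
            raise PermissionError("PKCE verification failed")
        return secrets.token_urlsafe(32)  # constructed opaque access token

def demo():
    server, verifier = ToyAuthServer(), make_verifier()
    # A party that only saw the redirect holds the code but not the verifier.
    code = server.authorize(s256_challenge(verifier), "S256")
    try:
        server.token(code, make_verifier())
        intercepted_code_worked = True
    except PermissionError:
        intercepted_code_worked = False
    # The client that generated the verifier completes a fresh flow.
    code = server.authorize(s256_challenge(verifier), "S256")
    return intercepted_code_worked, bool(server.token(code, verifier))

if __name__ == "__main__":
    print(demo())
```

The verifier never leaves the client until the token request, so the code carried in the browser redirect cannot be redeemed without it.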
Token Management
Token Lifetime
- Access tokens typically last several hours
- Your client automatically refreshes tokens when needed
- No manual intervention required for token renewal
Token Storage
Tokens are securely stored by your MCP client:
| Client | Storage Location |
|---|---|
| Cursor IDE | Encrypted local storage |
| Claude Desktop | System keychain |
Permissions
During the authentication flow, you'll see exactly what permissions you're granting. Common permissions include:
- Transaction Access - View and manage transactions
- Refund Operations - Process refunds
- Settlement Information - Access settlement data
- Report Generation - Create and download reports
Revoking Access
You can revoke MCP access anytime through your PayU account:
- Log in to your PayU dashboard
- Navigate to Security Settings
- Find "Connected Applications" or "API Access"
- Revoke access for the MCP service
Note: After revoking access, you'll need to re-authenticate the next time you use the MCP service.
Re-Authentication
If your token expires or you've revoked access, simply:
- Make a request through your MCP client
- The authentication flow will trigger automatically
- Complete the login process in your browser
- Continue using the service