Docs

MCP Tokens

Generate and manage bearer tokens for AI clients to access your financial data.

MCP (Model Context Protocol) tokens allow AI clients -- such as Claude, Cursor, or other AI assistants -- to securely access your organization's financial data through the Levelup API. Each token is a bearer token scoped to read-only financial data access.

What MCP Tokens Are Used For

MCP tokens let you connect AI tools to your Levelup data so they can:

  • Query your company financial statements (income statement, balance sheet, cash flow)
  • Access calculated KPIs and metrics
  • Pull portfolio-level data for analysis

All access is read-only. MCP tokens cannot modify your data, manage your organization, or perform any write operations.

Accessing the MCP Tokens Page

  1. Click Settings in the sidebar navigation.
  2. Select MCP Tokens.

Creating a Token

  1. On the MCP Tokens page, locate the Create Token section.
  2. Optionally enter a Name for the token (for example, "Claude desktop token" or "Cursor workspace"). This helps you identify the token later.
  3. Set the Expiry (days) -- how many days until the token expires. The default is 90 days, and the maximum is 365 days.
  4. Click Create Token.

After creation, the token value is displayed in a green banner at the top of the page. Copy this token immediately -- you will not be able to see it again after navigating away.

Token Scope

All MCP tokens are created with the read:financial scope. This scope is fixed and cannot be changed. Tokens are tied to your currently active organization.

Managing Existing Tokens

The Existing Tokens section lists all tokens you have created. For each token you can see:

  • Name or prefix -- The name you gave the token, or the token prefix if no name was set.
  • Created date -- When the token was generated.
  • Expiry date -- When the token will expire.
  • Last used -- The most recent time the token was used to access the API (if applicable).
  • Status -- Whether the token is active, expired, or revoked.

Revoking a Token

To revoke a token and immediately prevent it from being used:

  1. Find the token in the Existing Tokens list.
  2. Click the Revoke button.
  3. The token status changes to "revoked" and it can no longer be used to access the API.

Revoking a token is permanent -- you cannot un-revoke a token. If you need access again, create a new token.

Security Best Practices

  • Treat tokens like passwords -- Do not share them in plain text or commit them to version control.
  • Use descriptive names -- Name each token after the tool or device it is used with so you can identify and revoke them individually.
  • Set appropriate expiry -- Use shorter expiry times for tokens you expect to use temporarily.
  • Revoke unused tokens -- If you are no longer using a token or an AI tool, revoke the token promptly.
  • One token per tool -- Create separate tokens for each AI client or device so you can revoke access to one without affecting others.

See Also

Previous

Using the Inbox

Next

Device Authorization

Command Palette

Search for a command to run...