OAUTH 2.0
ACCOUNTING & FINANCE
Connect to GoCardless MCP. Retrieve and list customers, mandates, payments, payouts, refunds, and subscriptions, and explore integration options from your...
token = client.agent.get_token(user_id="user_id", connector="gocardlessmcp")const token = await client.agent.getToken({ userId: "user_id", connector: "gocardlessmcp" });const token = await client.agent.getToken({ userId: "user_id", connector: "gocardlessmcp" });token = client.agent.get_token(user_id="user_id", connector="gocardlessmcp")Does the agent access GoCardless as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the GoCardless OAuth token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.
Can I limit what the agent is allowed to do in GoCardless?
Yes. Pass a tool name filter to listScopedTools so the AI agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches GoCardless.
What happens when a user revokes GoCardless access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.
Can the agent move money in GoCardless?
No. The toolset is read-only: customers, mandates, payments, payouts, refunds, and subscriptions. Scalekit scope checks block anything outside that list before it reaches GoCardless.