Tokens, scopes, and workspaces
Control what an MCP client can read or change and which workspace it can reach.
2006462aToken lifecycle#
A personal MCP token starts with the tabbio_mcp_ prefix, is shown once, and is stored by Tabbio only as an HMAC hash. Creating or rotating access invalidates the previous active personal token. Revoke it immediately if a client or device is lost.
Read and write#
mcp:read is required for retrieval tools. mcp:write is required before a direct MCP call can request a mutation. A write scope does not bypass tool-level approvals.
Workspace scope#
Personal scope can reach your own career data. Company scope can reach selected company workspaces. Mixed access covers both. When a token covers multiple companies, some tools require an explicit companyId; the server rejects ambiguous or unauthorized workspace access.
Storage#
Use the client's secret store or operating-system credential store. Never save a raw token in source control, a screenshot, a shared note, or a public issue.