
Authentication

Haptic supports two authentication methods depending on your AI assistant.

Supported by: Claude Desktop, ChatGPT

OAuth provides the most secure authentication experience. No manual token management required - just authorize once and you’re set.

How It Works

  1. Configure your AI with the Haptic MCP URL: https://mcp.haptic.sh/mcp
  2. When prompted, you’ll be redirected to Haptic’s authorization page
  3. Sign in with your Haptic account (via Clerk)
  4. Authorize the AI to access your financial data
  5. You’ll be redirected back to your AI - ready to use!
OAuth tokens are managed automatically. You don’t need to copy or store anything manually.

Permissions

When you authorize via OAuth, your AI gains access to:
  • Read account balances and summaries
  • Access transaction history
  • View net worth calculations
Haptic provides read-only access. Your AI cannot move money, make purchases, or modify accounts.

API Token (Manual)

Supported by: Poke, custom MCP clients, and other AI assistants without OAuth support

For AI assistants that don’t support OAuth, you can generate manual API tokens from your dashboard.

Generating a Token

  1. Navigate to Dashboard: Go to haptic.sh/dashboard and sign in
  2. Generate Token: Scroll to the “MCP Access Tokens” section and click “Generate New Token”
  3. Name Your Token: Give it a descriptive name (e.g., “Poke”, “My Custom AI”)
  4. Copy and Save: Copy the generated token immediately. It starts with hap_ and will only be shown once.
     Store your token securely. Anyone with this token can access your financial data through the API.
  5. Configure Your AI: Add the token to your AI’s MCP configuration:
     • Server URL: https://mcp.haptic.sh/mcp
     • API Key: Your generated token

Token Format

hap_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
Tokens are:
  • Hashed with SHA-256 before storage (cannot be retrieved or reversed)
  • User-specific - tied to your Clerk account
  • Revocable - delete tokens anytime from your dashboard

Managing Tokens

View all your active tokens in the dashboard:
  • See when each token was created
  • Check last used timestamp
  • Delete tokens you no longer need
Create separate tokens for each AI assistant or use case. This makes it easier to revoke access if needed.
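
The storage model described under Token Format and Managing Tokens, sketched as an added example (not Haptic's own code): the server keeps only the SHA-256 digest, so the plaintext can be returned once at creation and never again. The `TokenStore` class, its method names, and the 40-hex-character token body are assumptions made for illustration.

```python
import hashlib
import secrets
import time

PREFIX = "hap_"  # prefix documented on this page


class TokenStore:
    """Hypothetical store that keeps SHA-256 digests, never the tokens."""

    def __init__(self):
        self._records = {}  # hex digest -> metadata shown in a dashboard

    @staticmethod
    def _digest(token: str) -> str:
        # Unsalted SHA-256 is adequate here only because the token is
        # long and random; it would not be adequate for passwords.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, name: str) -> str:
        # Assumption: 20 random bytes rendered as 40 hex characters.
        token = PREFIX + secrets.token_hex(20)
        self._records[self._digest(token)] = {
            "user_id": user_id, "name": name,
            "created": time.time(), "last_used": None,
        }
        return token  # only chance to show the plaintext to the user

    def verify(self, presented: str):
        """Return the owning user id, or None if unknown or revoked."""
        if not presented.startswith(PREFIX):
            return None
        record = self._records.get(self._digest(presented))
        if record is None:
            return None
        record["last_used"] = time.time()
        return record["user_id"]

    def revoke(self, user_id: str, name: str) -> bool:
        """Delete the named token; later verify() calls return None."""
        for digest, rec in list(self._records.items()):
            if rec["user_id"] == user_id and rec["name"] == name:
                del self._records[digest]
                return True
        return False

    def stored_values(self):
        """What a database dump would reveal: digests only."""
        return list(self._records)
```

Because lookup is by digest, a leaked copy of the store does not yield usable tokens, and a lost token can only be replaced, not recovered.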

Security

Encryption

  • Plaid access tokens: AES-256-CBC encryption (stored encrypted, decrypted only when needed)
  • MCP API tokens: SHA-256 hashing (one-way, cannot be reversed)

Data Storage

We only store:
  • Your Clerk user ID
  • Encrypted Plaid access tokens
  • Hashed MCP tokens
  • Account metadata (names, last updated timestamps)
We never store:
  • Account balances
  • Transaction details
  • Your banking credentials

Best Practices

OAuth is more secure than manual tokens because it doesn’t require you to copy/paste sensitive credentials.
Never share your MCP tokens in public forums, commit them to git, or expose them in client-side code.
Delete old tokens and generate new ones periodically, especially if you suspect a token may have been compromised.
Name your tokens based on where they’re used (e.g., “Poke - MacBook Pro”) to make management easier.

Troubleshooting

Make sure you’re signed in to your Haptic account and have an active subscription. OAuth requires a valid Haptic account.
  • Verify the token starts with hap_
  • Check that you haven’t deleted it from your dashboard
  • Ensure you have an active Haptic subscription
  • Try generating a new token
MCP access requires an active Haptic subscription. Subscribe at haptic.sh/dashboard to enable your tokens.

Need Help?

Email Support

Contact our support team for authentication issues