Bearer-only MCP
Every JSON-RPC POST requires Authorization: Bearer <token>. Unauthenticated calls are rejected.
Security
The remote endpoint is intentionally narrow: bearer auth is required, GET requests return JSON 405, tokens are issued once after payment, and usage logs avoid sensitive request bodies.
Checkout creates an order and claim code. After payment confirmation, the token is shown once and only the prefix is retained in status responses.
Logs capture method, tool, status, duration, plan, and short order/token summaries. Full bearer tokens and sensitive request bodies are not stored.
The endpoint exposes only the five budget tools listed in the server-card and does not provide arbitrary SQL, shell, deployment, deletion, or payment-changing tools.
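The request gate and log policy described above, sketched as an added example. This is not the service's own code. The 401 status, the 8-character prefix, SHA-256 digest storage, the `duration_ms` field name, and the function names are assumptions; the sketch also answers every non-POST method with 405, which is broader than the GET case the page states.

```python
import hashlib, hmac, json, time

# Assumptions (not from the page): 401 for rejected calls, 8-char token prefix,
# and tokens kept server-side only as SHA-256 digests mapped to a plan name.
PREFIX_LEN = 8
LOG_FIELDS = ("method", "tool", "status", "duration_ms", "plan", "token_prefix")

def digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def authenticate(headers: dict, known_digests: dict):
    """Return (plan, token_prefix) for a valid bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    if scheme != "Bearer" or not token:
        return None
    for stored, plan in known_digests.items():
        if hmac.compare_digest(digest(token), stored):  # constant-time compare
            return plan, token[:PREFIX_LEN]
    return None

def handle(http_method: str, headers: dict, body: bytes, known_digests: dict):
    """Return (status, response, log_entry) for one HTTP request."""
    start = time.perf_counter()
    log = dict.fromkeys(LOG_FIELDS)  # allowlist: nothing else is ever logged
    if http_method != "POST":
        status, resp = 405, {"error": "method not allowed"}
    elif (auth := authenticate(headers, known_digests)) is None:
        status, resp = 401, {"error": "bearer token required"}
    else:
        log["plan"], log["token_prefix"] = auth
        try:
            rpc = json.loads(body)
            log["method"] = rpc.get("method")
            log["tool"] = (rpc.get("params") or {}).get("name")
            status, resp = 200, {"jsonrpc": "2.0", "id": rpc.get("id"), "result": {}}
        except (ValueError, AttributeError):  # bad JSON or not a JSON object
            status, resp = 400, {"error": "invalid JSON-RPC"}
    log["status"] = status
    log["duration_ms"] = round((time.perf_counter() - start) * 1000, 3)
    return status, resp, log  # request body and full token never reach the log
```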