High-risk tools in Payware MCP Server
5 of the 57 tools in Payware MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
payware_authentication_create_jwt_tokenExecuteCreate JWT token for payware API authentication according to official documentation
-
payware_authentication_test_jwtExecuteTest JWT token creation process with detailed step-by-step breakdown, showing deterministic JSON serialization, SHA-256 hash calculation, and final JWT structure
-
payware_authorization_oauth2_obtain_tokenExecuteObtain an OAuth2 access token for a merchant. ISVs must be authorized by payware registered merchants to make requests on their behalf. This endpoint allows ISVs to request ...
-
payware_data_generate_reportExecuteGenerate an asynchronous data report for ISV data analysis and reporting on behalf of merchants. Production only - not supported in sandbox.
-
payware_operations_simulate_callbackExecuteSimulate a transaction callback as an ISV on behalf of a merchant. Triggers a callback to test webhook integration in sandbox environment. Requires ISV authentication with merc...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.