Security And Troubleshooting
Optimus MCP lets an AI assistant access VAT lookup and validation. Configure it with the same care you use for API access to production customer data.
Protect The Token
- Create Personal Access Tokens in the Optimus web app under Settings > API Interface > API Tokens.
- Store tokens in your MCP client's secure configuration or secret store.
- Do not paste real
tok_optimus_token values into chat messages, prompts, screenshots, tickets, generated files, or logs. - Revoke or rotate a token in Optimus if it may have been exposed.
- Use the test endpoint and a test token while trying a new assistant workflow.
Your MCP client must send:
Authorization: Bearer <token>
Hosted Endpoints
| Environment | MCP endpoint |
|---|---|
| Production | https://mcp.app.optimussoftware.de |
| Test | https://mcp.dev.app.optimussoftware.de |
Use production only for production data. If your MCP client supports action allow-lists, enable only Optimus VAT lookup and validation actions for this connection.
Customer Data
VAT IDs, company names, addresses, customer numbers, supplier numbers, validation results, and PDF metadata can be sensitive customer data.
Use these rules:
- Share only the records needed for the task.
- Avoid asking the assistant to print complete customer lists unless necessary.
- Ask for summarized results when full details are not needed.
- Do not include tokens in the same prompt as customer data.
Safe Retry Behavior
For important validation jobs, ask the assistant to use a stable reference for retries, such as your import job ID or batch ID.
Example:
Use Optimus MCP to validate this supplier batch. Use customer-import-2026-05-22-001 as the retry reference.
This helps Optimus avoid duplicate work if the assistant retries after a timeout or network interruption.
Common Problems
| Problem | What to check |
|---|---|
| The assistant cannot connect to Optimus MCP. | Confirm the endpoint URL is exactly https://mcp.app.optimussoftware.de or https://mcp.dev.app.optimussoftware.de. |
| The assistant reports missing authorization. | Confirm the MCP client sends Authorization: Bearer <token>. |
| The token is rejected. | Confirm the token was copied correctly, has not been revoked, and belongs to the selected environment. |
| A VAT lookup cannot find a match. | Include company name, country, street, ZIP, and city when available. |
| A validation takes longer than expected. | Ask the assistant to continue the validation and summarize the final result. |
| A validation failed. | Keep the operation or batch reference and contact Optimus support with the error message. |
What To Share With Support
When you need help, share:
- The environment you used: production or test.
- The time of the failed request.
- The VAT ID or your own non-sensitive reference ID.
- The assistant's error message.
Do not share real bearer tokens.