A good rule of thumb for the type of token to use:
For receiving money with the PaymentRequest endpoint use a Merchant Token.
For everything else, use an access token acquired by OAuth integration with NoFrixion identity server. For more details see OAuth2 integration.
As a convenience, for testing purpose, you may create a user token on the NoFrixion Portal. But you will not be able to authorise payouts using this token as it needs multi-factor authentication.
Most calls to the MoneyMoov API require authentication with a JSON Web Token (JWT). The API uses two types of access tokens:
Merchant access tokens, which are used for creating/managing payment requests, are suitable for use in a configuration file on a web server or in a similar unattended scenario. Merchant access tokens do not expire. Refer Merchant token for more information.
OAuth 2.0 access token, To perform most of the operations on MoneyMoov API other than managing payment requests, you need to acquire an access token through OAuth integration with NoFrixion Identity server. To authorise a Payout, you need to setup multi-factor authentication on NoFrixion identity server to satisfy the Strong Customer Authentication regulatory requirements.
Note: If you do not want to create your own app and go through the process of OAuth integration, then you can simply use the NoFrixion portal to test on sandbox. You can create access tokens on the portal for your convenience.