A User token is a full permission token that can perform all your actions, other than a final payout authorisation. This token is only valid for 30 minutes. Be CAREFUL with this token, if someone else gets hold of it before it expires they can do everything you can do on the MoneyMoov API.
For developer convenience, you can acquire user tokens from NoFrixion Sandbox Portal. This method of acquiring a User token is only provided as a convenience mechanism for testing. In live scenarios an OAuth2 Authorization Code Flow needs to be used. Learn more about OAuth2 integration with MoneyMoov here.
Note that token acquired this way cannot be used for payout authorisation. For making payout authorisation API request, you cannot use NoFrixion portal token. You have to create your own client in NoFrixion identity server. For further details, have a look at OAuth2 integration with MoneyMoov API