diff --git a/BTCPayServer/Controllers/StoresController.cs b/BTCPayServer/Controllers/StoresController.cs
index 14e0fcacd..8827b83de 100644
--- a/BTCPayServer/Controllers/StoresController.cs
+++ b/BTCPayServer/Controllers/StoresController.cs
@@ -1,4 +1,5 @@
 using BTCPayServer.Authentication;
+using BTCPayServer.Data;
 using BTCPayServer.Models;
 using BTCPayServer.Models.StoreViewModels;
 using BTCPayServer.Services.Stores;
@@ -8,6 +9,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Rendering;
 using NBitcoin;
 using NBitpayClient;
 using NBXplorer.DerivationStrategy;
@@ -21,6 +23,7 @@ namespace BTCPayServer.Controllers
 	[Route("stores")]
 	[Authorize(AuthenticationSchemes = "Identity.Application")]
 	[Authorize(Policy = "CanAccessStore")]
+	[AutoValidateAntiforgeryToken]
 	public class StoresController : Controller
 	{
 		public StoresController(
@@ -123,7 +126,6 @@ namespace BTCPayServer.Controllers
 		}
 
 		[HttpPost]
-		[ValidateAntiForgeryToken]
 		[Route("{storeId}")]
 		public async Task<IActionResult> UpdateStore(string storeId, StoreViewModel model, string command)
 		{
@@ -220,7 +222,7 @@ namespace BTCPayServer.Controllers
 		}
 
 		[HttpPost]
-		[ValidateAntiForgeryToken]
+		[Route("/api-tokens")]
 		[Route("{storeId}/Tokens/Create")]
 		public async Task<IActionResult> CreateToken(string storeId, CreateTokenViewModel model)
 		{
@@ -229,6 +231,17 @@ namespace BTCPayServer.Controllers
 				return View(model);
 			}
 
+			if(storeId == null) // Permissions are not checked by Policy if the storeId is not passed by url
+			{
+				storeId = model.StoreId;
+				var userId = GetUserId();
+				if(userId == null)
+					return Unauthorized();
+				var store = await _Repo.FindStore(storeId, userId);
+				if(store == null)
+					return Unauthorized();
+			}
+
 			var tokenRequest = new TokenRequest()
 			{
 				Facade = model.Facade,
@@ -262,16 +275,29 @@ namespace BTCPayServer.Controllers
 		}
 
 		[HttpGet]
+		[Route("/api-tokens")]
 		[Route("{storeId}/Tokens/Create")]
-		public IActionResult CreateToken()
+		public async Task<IActionResult> CreateToken(string storeId)
 		{
+			var userId = GetUserId();
+			if(string.IsNullOrWhiteSpace(userId))
+				return Unauthorized();
 			var model = new CreateTokenViewModel();
 			model.Facade = "merchant";
+			ViewBag.HidePublicKey = storeId == null;
+			ViewBag.ShowStores = storeId == null;
+			ViewBag.ShowMenu = storeId != null;
+			model.StoreId = storeId;
+			if(storeId == null)
+			{
+				model.Stores = new SelectList(await _Repo.GetStoresByUserId(userId), nameof(StoreData.Id), nameof(StoreData.StoreName), storeId);
+			}
+			
 			return View(model);
 		}
 
+
 		[HttpPost]
-		[ValidateAntiForgeryToken]
 		[Route("{storeId}/Tokens/Delete")]
 		public async Task<IActionResult> DeleteToken(string storeId, string tokenId)
 		{
@@ -316,7 +342,6 @@ namespace BTCPayServer.Controllers
 		}
 
 		[HttpPost]
-		[ValidateAntiForgeryToken]
 		[Route("api-access-request")]
 		public async Task<IActionResult> Pair(string pairingCode, string selectedStore)
 		{
diff --git a/BTCPayServer/Models/StoreViewModels/TokensViewModel.cs b/BTCPayServer/Models/StoreViewModels/TokensViewModel.cs
index 207882616..8788d1ad2 100644
--- a/BTCPayServer/Models/StoreViewModels/TokensViewModel.cs
+++ b/BTCPayServer/Models/StoreViewModels/TokensViewModel.cs
@@ -1,4 +1,5 @@
 using BTCPayServer.Validations;
+using Microsoft.AspNetCore.Mvc.Rendering;
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
@@ -25,6 +26,17 @@ namespace BTCPayServer.Models.StoreViewModels
 		{
 			get; set;
 		}
+
+		[Required]
+		public string StoreId
+		{
+			get; set;
+		}
+
+		public SelectList Stores
+		{
+			get; set;
+		}
 	}
 	public class TokenViewModel
 	{
diff --git a/BTCPayServer/Views/Invoice/Checkout.cshtml b/BTCPayServer/Views/Invoice/Checkout.cshtml
index 4cc0deba5..9a68d39a6 100644
--- a/BTCPayServer/Views/Invoice/Checkout.cshtml
+++ b/BTCPayServer/Views/Invoice/Checkout.cshtml
@@ -179,7 +179,7 @@
 								<div adjust-height="" class="payment-box">
 									<div class="bp-view payment scan" id="scan" style="opacity: 1;">
 										<div class="payment__scan">
-											<div class="payment__details__instruction__open-wallet hidden-sm-up">
+											@*<div class="payment__details__instruction__open-wallet hidden-sm-up">
 												<!---->
 												<a class="payment__details__instruction__open-wallet__btn action-button action-button--secondary">
 													<span i18n="">Show QR code</span>
@@ -193,9 +193,9 @@
 													<!---->
 													<div class="qr-codes"></div>
 												</div>
-											</div>
+											</div>*@
 											<!---->
-											<div class="qr-codes hidden-xs-down"></div>
+											<div class="qr-codes"></div>
 										</div>
 										<div class="payment__details__instruction__open-wallet">
 											<a class="payment__details__instruction__open-wallet__btn action-button" href="@Model.InvoiceBitcoinUrl">
diff --git a/BTCPayServer/Views/Shared/_NavLayout.cshtml b/BTCPayServer/Views/Shared/_NavLayout.cshtml
index 49e110329..79091b85c 100644
--- a/BTCPayServer/Views/Shared/_NavLayout.cshtml
+++ b/BTCPayServer/Views/Shared/_NavLayout.cshtml
@@ -1,5 +1,6 @@
 @{
 	Layout = "/Views/Shared/_Layout.cshtml";
+	ViewBag.ShowMenu = ViewBag.ShowMenu ?? true;
 }
 
 
@@ -15,7 +16,10 @@
 		<div>
 			<div class="row">
 				<div class="col-md-3">
-					@await Html.PartialAsync("_Nav")
+					@if(ViewBag.ShowMenu)
+					{
+						@await Html.PartialAsync("_Nav")
+					}
 				</div>
 				<div class="col-md-9">
 					@RenderBody()
diff --git a/BTCPayServer/Views/Stores/CreateToken.cshtml b/BTCPayServer/Views/Stores/CreateToken.cshtml
index e46fba786..f18be63fe 100644
--- a/BTCPayServer/Views/Stores/CreateToken.cshtml
+++ b/BTCPayServer/Views/Stores/CreateToken.cshtml
@@ -9,18 +9,21 @@
 
 <div class="row">
 	<div class="col-md-6">
-		<form asp-action="CreateToken" method="post">
+		<form method="post">
 			<div class="form-group">
 				<label asp-for="Label"></label>
 				<input asp-for="Label" class="form-control" />
 				<span asp-validation-for="Label" class="text-danger"></span>
 			</div>
-			<div class="form-group">
-				<label asp-for="PublicKey"></label>
-				<small class="text-muted">Keep empty for server-initiated pairing</small>
-				<input asp-for="PublicKey" class="form-control" />
-				<span asp-validation-for="PublicKey" class="text-danger"></span>
-			</div>
+			@if(!ViewBag.HidePublicKey)
+			{
+				<div class="form-group">
+					<label asp-for="PublicKey"></label>
+					<small class="text-muted">Keep empty for server-initiated pairing</small>
+					<input asp-for="PublicKey" class="form-control" />
+					<span asp-validation-for="PublicKey" class="text-danger"></span>
+				</div>
+			}
 			<div class="form-group">
 				<label asp-for="Facade"></label>
 				<select asp-for="Facade" class="form-control">
@@ -29,6 +32,19 @@
 				</select>
 				<span asp-validation-for="Facade" class="text-danger"></span>
 			</div>
+
+			@if(ViewBag.ShowStores)
+			{
+				<div class="form-group">
+					<label asp-for="StoreId" class="control-label"></label>
+					<select asp-for="StoreId" asp-items="Model.Stores" class="form-control"></select>
+					<span asp-validation-for="StoreId" class="text-danger"></span>
+				</div>
+			}
+			else
+			{
+				<input type="hidden" asp-for="StoreId" />
+			}
 			<div class="form-group">
 				<input type="submit" value="Request pairing" class="btn btn-default" />
 			</div>
diff --git a/btcpayserver.sln b/btcpayserver.sln
index be7deae49..0228c7128 100644
--- a/btcpayserver.sln
+++ b/btcpayserver.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26730.3
+VisualStudioVersion = 15.0.26730.16
 MinimumVisualStudioVersion = 15.0.26124.0
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BTCPayServer", "BTCPayServer\BTCPayServer.csproj", "{949A0870-8D8C-4DE5-8845-DDD560489177}"
 EndProject