# List MCP sessions

> Returns every per-user MCP authentication artifact visible to the caller —
OAuth tokens, header credentials, and pending submission / consent flows.

Row visibility is scoped to the caller's identity (Virtual Key, signed-in
user, or asserted session ID). Server-level `headers` / `oauth` clients
are not surfaced here; their credentials live on the MCP client config.

When both a credential and a pending flow exist for the same
`(identity, mcp_client)` binding, the credential is returned and the
flow is suppressed to avoid duplicate entries.




## OpenAPI

````yaml /openapi/openapi.json get /api/mcp/sessions
openapi: 3.1.0
info:
  title: Bifrost API
  description: >
    Bifrost HTTP Transport API for AI model inference and gateway management.


    This API provides a unified interface for interacting with multiple AI
    providers

    including OpenAI, Anthropic, Bedrock, Gemini, and more through a single API,

    along with comprehensive management APIs for configuring and monitoring the
    gateway.


    ## API Structure


    ### Unified Inference API (`/v1/*`)

    The primary API using Bifrost's unified format. Model parameters use the
    format

    `provider/model` (e.g., `openai/gpt-4`, `anthropic/claude-3-opus`).


    ### Async Inference API (`/v1/async/*`)

    Submit inference requests for asynchronous execution. Returns a job ID
    immediately

    and allows polling for results. Supports all inference types except batches,
    files,

    and containers.


    ### Provider Integration APIs

    Native provider-format APIs for drop-in compatibility:

    - `/openai/*` - OpenAI-compatible API

    - `/anthropic/*` - Anthropic-compatible API

    - `/genai/*` - Google GenAI (Gemini) compatible API

    - `/bedrock/*` - AWS Bedrock compatible API

    - `/cohere/*` - Cohere compatible API


    ### Framework Integration APIs

    Multi-provider proxy endpoints for AI frameworks:

    - `/litellm/*` - LiteLLM proxy with all provider formats

    - `/langchain/*` - LangChain compatible endpoints

    - `/pydanticai/*` - PydanticAI compatible endpoints


    ### Management APIs (`/api/*`)

    APIs for managing and monitoring the Bifrost gateway:

    - `/api/config` - Configuration management

    - `/api/providers` - Provider and API key management

    - `/api/plugins` - Plugin management

    - `/api/governance/*` - Virtual keys, teams, customers, budgets, rate
    limits, routing rules, and pricing overrides

    - `/api/logs` - Log search and analytics

    - `/api/mcp/*` - MCP (Model Context Protocol) client management

    - `/api/session/*` - Authentication and session management

    - `/api/cache/*` - Cache management

    - `/health` - Health check endpoint


    ## Fallbacks

    Requests can include fallback models that will be tried if the primary model
    fails.
  version: 1.0.0
  contact:
    name: Contact Us
    url: https://getmaxim.ai/bifrost
  license:
    name: Apache 2.0
    url: https://opensource.org/licenses/Apache-2.0
servers:
  - url: '{baseUrl}'
    description: Your Bifrost instance
    variables:
      baseUrl:
        default: http://localhost:8080
        description: Base URL of your Bifrost instance (e.g. https://bifrost.mycompany.com)
security:
  - BearerAuth: []
  - BasicAuth: []
  - ApiKeyAuth: []
tags:
  - name: Models
    description: Model listing and information
  - name: Chat Completions
    description: Chat-based text generation
  - name: Text Completions
    description: Text completion generation
  - name: Responses
    description: OpenAI Responses API compatible endpoints
  - name: OCR
    description: Optical character recognition for documents and images
  - name: Rerank
    description: Document reranking by relevance to a query
  - name: Embeddings
    description: Text embedding generation
  - name: Images
    description: Image generations, editing, and variations
  - name: Videos
    description: Video generation and management
  - name: Audio
    description: Speech synthesis and transcription
  - name: Count Tokens
    description: Token counting utilities
  - name: Batch
    description: Batch processing operations
  - name: Files
    description: File management operations
  - name: Containers
    description: Container management operations
  - name: Async Jobs
    description: Asynchronous job submission and retrieval endpoints
  - name: Realtime
    description: Realtime WebSocket and WebRTC endpoints
  - name: OpenAI Integration
    description: OpenAI-compatible API endpoints (/openai/*)
  - name: Azure Integration
    description: Azure OpenAI integration endpoints
  - name: Anthropic Integration
    description: Anthropic-compatible API endpoints (/anthropic/*)
  - name: GenAI Integration
    description: Google GenAI (Gemini) compatible API endpoints (/genai/*)
  - name: Bedrock Integration
    description: AWS Bedrock compatible API endpoints (/bedrock/*)
  - name: Cohere Integration
    description: Cohere compatible API endpoints (/cohere/*)
  - name: LiteLLM Integration
    description: LiteLLM proxy endpoints with multi-provider support (/litellm/*)
  - name: LangChain Integration
    description: LangChain compatible endpoints with multi-provider support (/langchain/*)
  - name: PydanticAI Integration
    description: >-
      PydanticAI compatible endpoints with multi-provider support
      (/pydanticai/*)
  - name: Health
    description: Health check endpoints
  - name: Configuration
    description: Configuration management endpoints
  - name: Session
    description: Session and authentication endpoints
  - name: Providers
    description: Provider management endpoints
  - name: Plugins
    description: Plugin management endpoints
  - name: MCP
    description: Model Context Protocol endpoints
  - name: Governance
    description: Virtual keys, teams, and customers management
  - name: Logging
    description: Log search and management endpoints
  - name: Cache
    description: Cache management endpoints
paths:
  /api/mcp/sessions:
    get:
      tags:
        - MCP
      summary: List MCP sessions
      description: >
        Returns every per-user MCP authentication artifact visible to the caller
        —

        OAuth tokens, header credentials, and pending submission / consent
        flows.


        Row visibility is scoped to the caller's identity (Virtual Key,
        signed-in

        user, or asserted session ID). Server-level `headers` / `oauth` clients

        are not surfaced here; their credentials live on the MCP client config.


        When both a credential and a pending flow exist for the same

        `(identity, mcp_client)` binding, the credential is returned and the

        flow is suppressed to avoid duplicate entries.
      operationId: listMcpSessions
      responses:
        '200':
          description: Sessions visible to the caller
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MCPSessionsListResponse'
        '401':
          description: Unauthorized — missing or invalid credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BifrostError'
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BifrostError'
      security:
        - ManagementBearerAuth: []
components:
  schemas:
    MCPSessionsListResponse:
      type: object
      required:
        - sessions
      properties:
        sessions:
          type: array
          items:
            $ref: '#/components/schemas/MCPSessionRow'
    BifrostError:
      type: object
      description: Error response from Bifrost
      properties:
        event_id:
          type: string
        type:
          type: string
        is_bifrost_error:
          type: boolean
        status_code:
          type: integer
        error:
          $ref: '#/components/schemas/ErrorField'
        extra_fields:
          $ref: '#/components/schemas/BifrostErrorExtraFields'
    MCPSessionRow:
      type: object
      description: >
        One row on the MCP Sessions list. Covers OAuth tokens, header
        credentials,

        and pending flows (of either kind). Always-set fields are at the top;

        per-kind-only fields use omitempty.
      required:
        - id
        - kind
        - auth_kind
        - auth_mode
        - status
        - created_at
        - can_reauth
      properties:
        id:
          type: string
          description: Row primary key — token UUID, header credential UUID, or flow UUID
        kind:
          type: string
          enum:
            - token
            - header
            - flow
          description: >
            Row type:

            - token: completed per-user OAuth credential

            - header: completed per-user-headers credential

            - flow: pending submission / consent flow (use auth_kind to
            disambiguate OAuth vs Headers)
        auth_kind:
          type: string
          enum:
            - oauth
            - headers
          description: >
            Disambiguates flow rows by which auth surface they belong to. For

            `kind=token` this is always `oauth`; for `kind=header` always
            `headers`.
        auth_mode:
          type: string
          enum:
            - user
            - vk
            - session
          description: Identity dimension this credential is keyed against
        user_id:
          type: string
          nullable: true
          description: Populated on user-keyed rows; refers to the SCIM user table
        user:
          $ref: '#/components/schemas/MCPUserSummary'
          nullable: true
          description: Preloaded user summary; nil when the user table is not available
        virtual_key:
          $ref: '#/components/schemas/MCPVirtualKeySummary'
          nullable: true
        mcp_client:
          $ref: '#/components/schemas/MCPClientSummary'
          nullable: true
        session_id:
          type: string
          nullable: true
          description: Populated only on session-keyed rows
        status:
          type: string
          enum:
            - active
            - orphaned
            - pending
            - needs_reauth
            - needs_update
          description: |
            OAuth tokens use: active | orphaned | needs_reauth.
            Header credentials use: active | orphaned | needs_update.
            Flow rows use: pending.
        expires_at:
          type: string
          format: date-time
          nullable: true
          description: When the OAuth access token expires; nil for header rows
        created_at:
          type: string
          format: date-time
        last_refreshed_at:
          type: string
          format: date-time
          nullable: true
          description: OAuth token rows only — last successful refresh
        updated_at:
          type: string
          format: date-time
          nullable: true
          description: Header credential rows only — last submission / edit
        oauth_config_id:
          type: string
          nullable: true
          description: OAuth rows only
        can_reauth:
          type: boolean
          description: >
            Mirrors the server-side identity gate on POST
            /api/mcp/sessions/{id}/reauth.

            Always true for vk- and session-mode rows. For user-mode rows, true
            only

            when the calling user matches the row's bound user — admin DAC scope
            is

            enough to see the row, but reauthing mints credentials under whoever
            clicks

            the URL, so the server returns 403 to non-bound callers. The UI
            hides the

            Re-authenticate / Edit values action when this is false.
    ErrorField:
      type: object
      properties:
        type:
          type: string
        code:
          type: string
        message:
          type: string
        param:
          type: string
        event_id:
          type: string
    BifrostErrorExtraFields:
      type: object
      properties:
        provider:
          $ref: '#/components/schemas/ModelProvider'
        model_requested:
          type: string
        request_type:
          type: string
    MCPUserSummary:
      type: object
      description: Minimal user view embedded on user-keyed session rows.
      properties:
        id:
          type: string
        name:
          type: string
    MCPVirtualKeySummary:
      type: object
      description: Minimal virtual-key view embedded in session rows.
      properties:
        id:
          type: string
        name:
          type: string
    MCPClientSummary:
      type: object
      description: Minimal MCP client view embedded in session rows.
      properties:
        client_id:
          type: string
        name:
          type: string
    ModelProvider:
      type: string
      description: AI model provider identifier
      enum:
        - openai
        - azure
        - anthropic
        - bedrock
        - cohere
        - vertex
        - vllm
        - mistral
        - ollama
        - groq
        - sgl
        - parasail
        - perplexity
        - replicate
        - cerebras
        - gemini
        - openrouter
        - elevenlabs
        - huggingface
        - nebius
        - xai
        - runway
        - fireworks
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: >
        Bearer token authentication. Use your provider API key or Bifrost
        authentication token.

        Virtual keys (prefixed with `sk-bf-`) can also be passed here.
    BasicAuth:
      type: http
      scheme: basic
      description: |
        Basic authentication using username and password.
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: |
        API key authentication via the `x-api-key` header.
        Virtual keys (prefixed with `sk-bf-`) can also be passed here.
    ManagementBearerAuth:
      type: http
      scheme: bearer
      description: >
        Management API authentication for `/api/*` endpoints. Use the
        `Authorization` header with `Bearer <API key>`.

        Virtual keys, dashboard/user/session tokens, and `x-api-key` headers are
        not supported on management APIs.

````
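The invariants the `MCPSessionRow` schema states (status values per `kind`, fixed `auth_kind` for `token` and `header` rows, and suppression of a pending flow when a credential exists for the same binding) can be checked on the client side when reviewing stored MCP credentials. The following is an added example, not Bifrost code: `binding`, `audit_sessions`, the findings wording, the choice to report non-active credentials and active tokens past `expires_at`, and the sample rows are all assumptions of this example.

```python
from datetime import datetime, timezone

# Status values each row kind may carry, per the MCPSessionRow schema.
STATUS_BY_KIND = {"token": {"active", "orphaned", "needs_reauth"},
                  "header": {"active", "orphaned", "needs_update"},
                  "flow": {"pending"}}
AUTH_KIND_BY_KIND = {"token": "oauth", "header": "headers"}  # flow rows may be either

def binding(row):
    """(auth_mode, identity, mcp_client) key; the identity field depends on auth_mode."""
    ident = {"user": row.get("user_id"),
             "vk": (row.get("virtual_key") or {}).get("id"),
             "session": row.get("session_id")}.get(row["auth_mode"])
    return (row["auth_mode"], ident, (row.get("mcp_client") or {}).get("client_id"))

def audit_sessions(rows, now):
    """Return sorted (row id, finding) pairs; the triage policy is this example's own."""
    findings = []
    creds = {binding(r) for r in rows if r["kind"] in ("token", "header")}
    for r in rows:
        kind, rid, status = r["kind"], r["id"], r["status"]
        if status not in STATUS_BY_KIND.get(kind, set()):
            findings.append((rid, f"status {status} not valid for kind {kind}"))
        elif status not in ("active", "pending"):
            findings.append((rid, f"credential is {status}"))
        if kind in AUTH_KIND_BY_KIND and r["auth_kind"] != AUTH_KIND_BY_KIND[kind]:
            findings.append((rid, "auth_kind does not match kind"))
        if kind == "flow" and binding(r) in creds:
            findings.append((rid, "pending flow duplicates a stored credential"))
        exp = r.get("expires_at")
        if kind == "token" and status == "active" and exp:
            if datetime.fromisoformat(exp.replace("Z", "+00:00")) <= now:
                findings.append((rid, "active token is past expires_at"))
    return sorted(findings)

# Constructed sample of a 200 response body, trimmed to the fields the audit reads.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed so the result is repeatable
SAMPLE = {"sessions": [
    {"id": "t-1", "kind": "token", "auth_kind": "oauth", "auth_mode": "user", "status": "active",
     "user_id": "u-1", "mcp_client": {"client_id": "c-1"}, "expires_at": "2025-01-01T00:00:00Z"},
    {"id": "h-1", "kind": "header", "auth_kind": "headers", "auth_mode": "vk", "status": "orphaned",
     "virtual_key": {"id": "vk-1"}, "mcp_client": {"client_id": "c-2"}},
    {"id": "f-1", "kind": "flow", "auth_kind": "oauth", "auth_mode": "user", "status": "pending",
     "user_id": "u-1", "mcp_client": {"client_id": "c-1"}},
    {"id": "f-2", "kind": "flow", "auth_kind": "headers", "auth_mode": "session", "status": "pending",
     "session_id": "s-9", "mcp_client": {"client_id": "c-2"}},
]}

print(*audit_sessions(SAMPLE["sessions"], NOW), sep="\n")
```

Because row visibility is scoped to the caller's identity, the audit covers only the rows that caller can see.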