A valid request URL is required to generate request examples{
"authorize_url": "<string>",
"session_id": "<string>",
"submit_url": "<string>"
}{
"event_id": "<string>",
"type": "<string>",
"is_bifrost_error": true,
"status_code": 123,
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"param": "<string>",
"event_id": "<string>"
},
"extra_fields": {
"model_requested": "<string>",
"request_type": "<string>"
}
}{
"event_id": "<string>",
"type": "<string>",
"is_bifrost_error": true,
"status_code": 123,
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"param": "<string>",
"event_id": "<string>"
},
"extra_fields": {
"model_requested": "<string>",
"request_type": "<string>"
}
}{
"event_id": "<string>",
"type": "<string>",
"is_bifrost_error": true,
"status_code": 123,
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"param": "<string>",
"event_id": "<string>"
},
"extra_fields": {
"model_requested": "<string>",
"request_type": "<string>"
}
}Re-authenticate or edit an MCP session
Mints a fresh authentication flow against the same MCP client and identity as the existing row. Two branches based on row type:
- OAuth token (any non-
orphanedrow, typicallyneeds_reauth— butactiveis also accepted) — opens a fresh upstream OAuth consent flow. Caller is expected to followauthorize_urlto the provider; on callback the credential is replaced in place. - Header credential (
activeorneeds_update) — opens a fresh per-user-headers submission flow. Caller follows the same URL field to the Bifrost submission form; on submit the credential is replaced in place.kind: "headers"is set on the response.
Refused with 403 if the row is orphaned — a fresh credential wouldn’t
help; the issue is the identity has lost access to the MCP, which the
admin must fix.
A valid request URL is required to generate request examples{
"authorize_url": "<string>",
"session_id": "<string>",
"submit_url": "<string>"
}{
"event_id": "<string>",
"type": "<string>",
"is_bifrost_error": true,
"status_code": 123,
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"param": "<string>",
"event_id": "<string>"
},
"extra_fields": {
"model_requested": "<string>",
"request_type": "<string>"
}
}{
"event_id": "<string>",
"type": "<string>",
"is_bifrost_error": true,
"status_code": 123,
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"param": "<string>",
"event_id": "<string>"
},
"extra_fields": {
"model_requested": "<string>",
"request_type": "<string>"
}
}{
"event_id": "<string>",
"type": "<string>",
"is_bifrost_error": true,
"status_code": 123,
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"param": "<string>",
"event_id": "<string>"
},
"extra_fields": {
"model_requested": "<string>",
"request_type": "<string>"
}
}Authorizations
Management API authentication for /api/* endpoints. Use the Authorization header with Bearer <API key>.
Virtual keys, dashboard/user/session tokens, and x-api-key headers are not supported on management APIs.
Path Parameters
Session row ID (OAuth token or header credential)
Response
Fresh flow opened
Response for POST /api/mcp/sessions/{id}/reauth. Returns the URL the caller must visit to complete the fresh authentication / resubmission.
Where the caller must go. For OAuth rows this is the upstream provider's authorize page (via a Bifrost intermediate). For header credential rows it's the Bifrost submission form for the new flow.
ID of the freshly-minted flow row
Set only on header re-auth and identical to authorize_url. Kept for callers that want to be explicit about the underlying surface.
Set only on header re-auth
oauth, headers Was this page helpful?

